Uploaded image for project: 'WSO2 Identity Server'
  1. WSO2 Identity Server
  2. IDENTITY-2866

Improve Granularity of Permission Tree for Identity Features

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 5.0.0-GA
    • Fix Version/s: 5.3.0-M5
    • Component/s: all-identity
    • Labels:
    • Severity:
      Critical
    • Estimated Complexity:
      Moderate
    • Affects Docs:
      Yes

      Description

      Currently permission tree is very coarse compared to the number of features Identity Server supports. A single permission allows to do multiple operation in multiple components.

      Need to design a permission tree thinking about all the components in IS categorized by features, sub-features and operations.

      Once this is done we need to improve the automation tests, such that every admin service call is done by creating a new user with exact permission required to call the particular operation, and not the super admin or tenant admin. This will be a good way to cross check if all the admin service operations have automation tests also.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                isura@wso2.com Isura Karunaratne
                Reporter:
                johann@wso2.com Johann Nallathamby
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: