[ https://issues.apache.org/jira/browse/SLING-10321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Angela Schreiber resolved SLING-10321. -------------------------------------- Resolution: Fixed > Deprecate service mapping by userID > ----------------------------------- > > Key: SLING-10321 > URL: https://issues.apache.org/jira/browse/SLING-10321 > Project: Sling > Issue Type: Improvement > Components: Service User Mapper > Affects Versions: Service User Mapper 1.5.2 > Reporter: Angela Schreiber > Assignee: Angela Schreiber > Priority: Major > Fix For: Service User Mapper 1.5.4 > > Time Spent: 40m > Remaining Estimate: 0h > > [~cziegeler], [~kpauls], for security reasons I would like to deprecate the > old service user mapping by a single userID in favor of the new format that > takes one or multiple principal names. > The new format allows to keep service permissions limited to service-users as > declared in the mapping and doesn't resolve declare or inherited group > permissions. This gives full control over the effective permissions granted > to each service and doesn't risk unrelated permission changes (e.g. to a base > group like 'everyone') impacting service security. -- This message was sent by Atlassian Jira (v8.3.4#803005)