[
https://issues.apache.org/jira/browse/SLING-10321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Angela Schreiber resolved SLING-10321.
--------------------------------------
Resolution: Fixed
> Deprecate service mapping by userID
> -----------------------------------
>
> Key: SLING-10321
> URL: https://issues.apache.org/jira/browse/SLING-10321
> Project: Sling
> Issue Type: Improvement
> Components: Service User Mapper
> Affects Versions: Service User Mapper 1.5.2
> Reporter: Angela Schreiber
> Assignee: Angela Schreiber
> Priority: Major
> Fix For: Service User Mapper 1.5.4
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> [~cziegeler], [~kpauls], for security reasons I would like to deprecate the
> old service user mapping by a single userID in favor of the new format that
> takes one or multiple principal names.
> The new format allows to keep service permissions limited to service-users as
> declared in the mapping and doesn't resolve declare or inherited group
> permissions. This gives full control over the effective permissions granted
> to each service and doesn't risk unrelated permission changes (e.g. to a base
> group like 'everyone') impacting service security.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
