[ https://issues.apache.org/jira/browse/QPID-7340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15373148#comment-15373148 ]
Keith Wall commented on QPID-7340: ---------------------------------- I think the most appropriate ACL rule we have at the moment is guard the operation with a METHOD "purgeUser" check. The permission could be given to someone in the identity maintainer role. > Implement purge user function > ------------------------------ > > Key: QPID-7340 > URL: https://issues.apache.org/jira/browse/QPID-7340 > Project: Qpid > Issue Type: New Feature > Components: Java Broker > Reporter: Keith Wall > Fix For: qpid-java-6.1 > > > When a human user leaves an organisation, it is normally desirable to remove > the records that belong to that user. Implement an operation to allow a > named user to be removed. This could be hooked to to an organisation's > 'leavers-feed'. > This operation should remove: > * preferences > * for authentication providers that manage their own database, the user's > password entry > * for group providers that manage their own database, remove the user from > any groups > What ACL permission should protect this operation? > What if a Virtualhost is offline at the time the operation is invoked? -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org