  1. Service Packs and Hot Fixes
  2. MNT-18258

Activiti: Improve Identity Management and disable the function to change details of any user synced in from external directory (e.g. LDAP)

    Details

    • Type: Service Pack Request
    • Status: Open
    • Resolution: Unresolved
    • Affects Version/s: Alfresco Activiti 1.4.1, Alfresco Activiti 1.4.5
    • Fix Version/s: None
    • Component/s: APS Identify Manager
    • Labels:
      None
    • Environment:
      Activiti 1.4.5/1.5EA4
    • Bug Priority:
      Category 3
    • ACT Numbers:

      00698111

    • Sprint:
      Docs Sprint 18

      Description

      [Summary]
      Enhancement request:
      Currently, the Activiti App UI and its Identity Management tab allow administrators to modify user details (e.g. Company, email address) of any Activiti user. Even users that have been synced from external user directories like LDAP can be modified. As we do not sync back changes to LDAP, please disable ("Grey out") the "Change details" function for users that are synced in and have an external ID.

      [Steps to reproduce]
      1. Have Activiti set up to sync users from LDAP
      2. As Admin, log in to Activiti App
      3. Go to "Identity Management" -> "Users"
      4. From the users table, tick the checkbox for one user having a value in the external ID column (i.e. coming from LDAP).
      5. Click the "Select an action" dropdown and select "Change details" (see attached IDM_BeforeChange.png).
      6. In the opened dialog, change the email address of this user and click save (see attached IDM_DetailsChange.png)
      7. Inspect the details for the changed user in the user table.

      [Current behaviour]
      One can change details like the email address of those users synced from LDAP (see attached IDM_AfterChange.png).

      [Expected behaviour]
      The function "Change details" should be disabled for users that are synced from external directories like LDAP. That means, as soon as a user has an entry in the external ID column, the "Change details" option should not be available.

      [Background]

      • The enhancement is not coming from a customer but from internal.
      • It was raised to be consistent with other products like Share, where we also disable modification of user details for users that have been synced in from external user directories. See attached Share_UserDetails.png displaying the user details fields for an LDAP user: fields that cannot be edited are greyed out.

        Attachments

        1. IDM_AfterChange.png (155 kB)
        2. IDM_BeforeChange.png (167 kB)
        3. IDM_DetailsChange.png (27 kB)
        4. Share_UserDetails.png (85 kB)
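
Added example, not part of the original issue and not Alfresco code: because changes made through "Change details" are not synced back to LDAP, an administrator can audit for synced users whose local details no longer match the directory. The field names (`external_id`, `email`, `company`) and all sample records are assumptions constructed for illustration, not Activiti's schema.

```python
# Added example: field names and sample records are constructed, not Activiti's schema.
from typing import Dict, List, Optional

# Details the issue names as editable through "Change details".
AUDITED_FIELDS = ("email", "company")


def normalize(value: Optional[str]) -> str:
    """Compare case-insensitively and treat None and blank as the same value."""
    return (value or "").strip().lower()


def find_drift(local_users: List[dict], directory: Dict[str, dict]) -> List[dict]:
    """Report synced users whose local details differ from the directory export."""
    findings = []
    for user in local_users:
        ext_id = user.get("external_id")
        if not ext_id:
            continue  # locally created user: local edits are legitimate
        source = directory.get(ext_id)
        if source is None:
            findings.append({"external_id": ext_id, "field": None,
                             "reason": "missing in directory"})
            continue
        for field in AUDITED_FIELDS:
            if normalize(user.get(field)) != normalize(source.get(field)):
                findings.append({"external_id": ext_id, "field": field,
                                 "local": user.get(field),
                                 "directory": source.get(field),
                                 "reason": "modified locally"})
    return findings


# Constructed directory export, keyed by external ID.
DIRECTORY = {
    "uid=jdoe,ou=people,dc=example,dc=com": {"email": "jdoe@example.com", "company": "Example Corp"},
    "uid=asmith,ou=people,dc=example,dc=com": {"email": "asmith@example.com", "company": "Example Corp"},
}
# Constructed local user table: one local admin, one clean sync, one edited, one orphaned.
LOCAL_USERS = [
    {"id": 1, "external_id": None, "email": "admin@app.local", "company": ""},
    {"id": 2, "external_id": "uid=jdoe,ou=people,dc=example,dc=com", "email": "JDoe@example.com", "company": "Example Corp"},
    {"id": 3, "external_id": "uid=asmith,ou=people,dc=example,dc=com", "email": "changed@elsewhere.example", "company": "Example Corp"},
    {"id": 4, "external_id": "uid=gone,ou=people,dc=example,dc=com", "email": "gone@example.com", "company": "Example Corp"},
]

if __name__ == "__main__":
    for finding in find_drift(LOCAL_USERS, DIRECTORY):
        print(finding)
```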

              People

              • Assignee: Doug Johnson (djohnson)
              • Reporter: Dennis Koch (dkoch)