Type: Service Pack Request
Status: Open (View Workflow)
Affects Version/s: Alfresco Activiti 1.4.1, Alfresco Activiti 1.4.5
Fix Version/s: None
Component/s: APS Identify Manager
Sprint:Docs Sprint 18
Currently, the Activiti App UI and it´s Identity Managment tab allow administrators to modify user details (e.g. Company, email address) of any Activiti user. Even users which have been synced from external user directories like LDAP, can be modified. As we do not sync back changes to LDAP, please disable ("Grey out") the "Change details" function for users that are synced in and have an external ID.
[Steps to reproduce]
1. Have Activiti setup to sync users from LDAP
2. As Admin log in to Activiti App
3. Go to "Identity Management" -> "Users"
4. From the users table, tick the checkbox for one user having a value in the external ID column (i.e. coming from LDAP).
5. Click the "Select an action" dropdown and select "Change details" (see attached IDM_BeforeChange.png).
6. In the opened dialog, change the email address of this user and click save (see attached IDM_DetailsChange.png)
7. Inspect the details for the changed user in the user table.
One can change details like the email address of those users synced from LDAP (see attached IDM_AfterChange.png).
The function "Change details" should be disabled for users that are synced from external directories like LDAP. That means, as soon as an user has an entry in the external ID column, the "Change details" option should not be available.
- Enhancement is not coming from customer but coming from internal.
- It was raised to be consistent compared to other products like Share, where we also disable modification of user details for users that have been synced in from external user directories. See attached Share_UserDetails.png displaying the user details fields for a LDAP user: fields that cannot be edited are greyed out.