Hi 2018-07-27 16:41 GMT+02:00 Jason E Bailey <j...@apache.org>:
> I may be off base here since I haven't spent much time with service users > but couldn't this be handled by extending the Service User so that for > specific services, the user returned is the literal admin user. > > i.e. rather then whitelisting the services that can use > loginAdministrative the service user that these whitelisted services would > get would be the Administrator user. > That means, that instead of the service-user you can configure to receive the admin-user? I guess, that it won't change much... Instead of creating a new service-user lazy people will use the admin. One could argue, that it's still to easy to use an admin session. But harmonizing both approaches would definitley help, because then a switch from a service-user to an admin-user and vice-versa would be just a configuration change, but no code change. Jörg -- Cheers, Jörg Hoh, http://cqdump.wordpress.com Twitter: @joerghoh