Introduce new default group whose members can add contribute members to the
userAdmin group
-------------------------------------------------------------------------------------------
Key: JCR-3010
URL: https://issues.apache.org/jira/browse/JCR-3010
Project: Jackrabbit Content Repository
Issue Type: New Feature
Components: jackrabbit-core
Reporter: Markus Joschko
Priority: Minor
There is a check in the UserAccessControlProvider that effectively forbids
everyone but the admin to add users to the UserAdmin Group.
This makes delegated administration of users where the admin user is not
available to the "application administrators" impossible.
As it is a security risk to allow every member of the group-admin group access
to the user-admin group, I'd like to ask to either allow members of the
administrator group to add user to that group or
to add an additional group user-group-assignee-group (maybe with a better
name) with that right.
460 /*
461 below group-tree:
462 - test if the user is group-administrator.
463 - make sure group-admin cannot modify user-admin or
administrators
464 - ... and cannot remove itself.
465 */
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
