[
https://issues.apache.org/jira/browse/JCR-3010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela resolved JCR-3010.
-------------------------
Resolution: Won't Fix
> Introduce new default group whose members can add contribute members to the
> userAdmin group
> -------------------------------------------------------------------------------------------
>
> Key: JCR-3010
> URL: https://issues.apache.org/jira/browse/JCR-3010
> Project: Jackrabbit Content Repository
> Issue Type: New Feature
> Components: jackrabbit-core
> Reporter: Markus Joschko
> Priority: Minor
>
> There is a check in the UserAccessControlProvider that effectively forbids
> everyone but the admin to add users to the UserAdmin Group.
> This makes delegated administration of users where the admin user is not
> available to the "application administrators" impossible.
> As it is a security risk to allow every member of the group-admin group
> access to the user-admin group, I'd like to ask to either allow members of
> the administrator group to add user to that group or
> to add an additional group user-group-assignee-group (maybe with a better
> name) with that right.
> 460 /*
> 461 below group-tree:
> 462 - test if the user is group-administrator.
> 463 - make sure group-admin cannot modify user-admin or
> administrators
> 464 - ... and cannot remove itself.
> 465 */
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
