[
https://issues.apache.org/jira/browse/SLING-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17333219#comment-17333219
]
Angela Schreiber commented on SLING-10333:
------------------------------------------
[~bdelacretaz], not that i was aware of... in fact it's quite the opposite: in
a productive environment regular users should be disabled instead of being
removed in order to prevent re-using the same id again, which poses all sorts
of troubles. see exercise
https://github.com/apache/jackrabbit-oak/blob/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/user/L9_RemoveAuthorizableTest.java
for some hints.
> Repoinit: allow for disabling regular (non-service) users
> ---------------------------------------------------------
>
> Key: SLING-10333
> URL: https://issues.apache.org/jira/browse/SLING-10333
> Project: Sling
> Issue Type: Improvement
> Components: Repoinit
> Affects Versions: Repoinit Parser 1.6.6, Repoinit JCR 1.1.34
> Reporter: Bertrand Delacretaz
> Priority: Minor
>
> In SLING-6984 we added a {{disable service user}} statement to repoinit.
> Shouldn't we have the same functionality for regular users?
> [~angela], as you know the Oak security features much better than I do, does
> anything speak against a {{disable user}} statement?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
