Eric Norman created SLING-9808:
----------------------------------
Summary: Add configuration option to always allow users to change their own password
Key: SLING-9808
URL: https://issues.apache.org/jira/browse/SLING-9808
Project: Sling
Issue Type: Improvement
Reporter: Eric Norman
Assignee: Eric Norman
Fix For: JCR Jackrabbit User Manager 2.2.12

Oak generally requires that the user be granted the rep:userManagement
privilege in order to be able to call the User.changePassword API.
However, in an environment where security is more locked down, it may be
necessary for the user to have the ability to change their own password but not
get all the other access that being granted rep:userManagement would allow
(i.e. User.disable or Authorizable.remove).

To make that possible, the ChangeUserPassword servlet should have a
configurable property to specify whether a user is allowed to change their own
password even if they haven't been granted the rep:userManagement privilege.

If the user doesn't have the required rep:userManagement privilege, then the
work should be done on their behalf by a service user.
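
The fallback described in the issue, as an added sketch that is not the Sling project's code: the privileged service session only ever touches the caller's own user ID and still requires the old password. The class and method names, the `allowSelfChange` flag, the subservice name and the old-password requirement are assumptions of this example.

```java
import java.util.Collections;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;

public final class SelfPasswordChange {
    // Hypothetical subservice name; must map to a service user holding rep:userManagement.
    static final String SUBSERVICE = "change-own-password";

    public static void changeOwnPassword(Session caller, ResourceResolverFactory rrf,
            boolean allowSelfChange, String oldPwd, String newPwd)
            throws RepositoryException, LoginException {
        // The target is always the authenticated caller, never a request parameter.
        String userId = caller.getUserID();
        if (hasUserManagement(caller, userId)) {
            apply(caller, userId, oldPwd, newPwd); // caller holds the privilege itself
            return;
        }
        if (!allowSelfChange) throw new AccessDeniedException("rep:userManagement required");
        ResourceResolver svc = rrf.getServiceResourceResolver(Collections.<String, Object>singletonMap(
                ResourceResolverFactory.SUBSERVICE, SUBSERVICE));
        try {
            apply(svc.adaptTo(Session.class), userId, oldPwd, newPwd);
        } finally {
            svc.close(); // do not leak the privileged session
        }
    }

    private static boolean hasUserManagement(Session s, String userId) throws RepositoryException {
        Authorizable a = ((JackrabbitSession) s).getUserManager().getAuthorizable(userId);
        if (a == null) return false; // own user node is not readable by this session
        AccessControlManager acm = s.getAccessControlManager();
        return acm.hasPrivileges(a.getPath(), new Privilege[] { acm.privilegeFromName("rep:userManagement") });
    }

    private static void apply(Session s, String userId, String oldPwd, String newPwd) throws RepositoryException {
        if (s == null) throw new RepositoryException("No JCR session available");
        Authorizable a = ((JackrabbitSession) s).getUserManager().getAuthorizable(userId);
        if (a == null || a.isGroup()) throw new RepositoryException("No such user: " + userId);
        ((User) a).changePassword(newPwd, oldPwd); // two-argument form fails if oldPwd is wrong
        s.save();
    }
}
```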