[ https://issues.apache.org/jira/browse/SLING-9808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Norman resolved SLING-9808.
--------------------------------
Resolution: Fixed
Fixed at:
https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-usermanager/commit/0b9fec191d3990fa025092b59aeec8029e8b1f6d
> Add configuration option to always allow users to change their own password
> ---------------------------------------------------------------------------
>
> Key: SLING-9808
> URL: https://issues.apache.org/jira/browse/SLING-9808
> Project: Sling
> Issue Type: Improvement
> Reporter: Eric Norman
> Assignee: Eric Norman
> Priority: Major
> Fix For: JCR Jackrabbit User Manager 2.2.12
>
>
> Oak generally requires that the user be granted the rep:userManagement
> privilege in order to be able to call the User.changePassword API.
> However, in an environment where security is more locked down, it may be
> necessary for the user to have the ability to change their own password but
> not get all the other access that being granted rep:userManagement would
> allow (i.e. User.disable or Authorizable.remove).
> To make that possible, the ChangeUserPassword servlet should have a
> configurable property to specify whether a user is allowed to change their
> own password even if they haven't been granted the rep:userManagement
> privilege. If the user doesn't have the required rep:userManagement
> privilege, then the work should be done on their behalf by a service user.
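The decision described in the issue, as an added example that is not the Sling servlet's code: it models which session performs the password change, and shows why the service-user path has to be limited to a user acting on their own account. The class, record, enum and the `allowSelfChange` flag are hypothetical names, and the privilege set stands in for what the caller holds on the target user's node (requires Java 16+ for records).

```java
import java.util.List;
import java.util.Set;

public class SelfPasswordChangeDecision {
    static final String USER_MANAGEMENT = "rep:userManagement";

    enum Outcome { CALLER_SESSION, SERVICE_USER_SESSION, DENIED }

    // callerId must come from the authenticated session (Session.getUserID()),
    // never from a request parameter. privilegesOnTarget models what the caller
    // holds on the target user's node.
    record Request(String callerId, Set<String> privilegesOnTarget, String targetUserId) {}

    // allowSelfChange models the proposed configurable property (hypothetical name).
    static Outcome decide(Request r, boolean allowSelfChange) {
        if (r.callerId() == null || r.targetUserId() == null) {
            return Outcome.DENIED;
        }
        if (r.privilegesOnTarget().contains(USER_MANAGEMENT)) {
            return Outcome.CALLER_SESSION; // Oak enforces access as usual
        }
        // The service user can write any user's password, so the servlet itself
        // must restrict the delegated path to caller == target.
        if (allowSelfChange && r.callerId().equals(r.targetUserId())) {
            return Outcome.SERVICE_USER_SESSION;
        }
        return Outcome.DENIED;
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        List<Request> samples = List.of(
            new Request("alice", Set.of(), "alice"),
            new Request("alice", Set.of(), "bob"),
            new Request("useradmin", Set.of(USER_MANAGEMENT), "bob"),
            new Request(null, Set.of(), "alice"));
        for (boolean allow : new boolean[] {false, true}) {
            for (Request r : samples) {
                System.out.printf("allowSelfChange=%b caller=%s target=%s -> %s%n",
                    allow, r.callerId(), r.targetUserId(), decide(r, allow));
            }
        }
    }
}
```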