[
https://issues.apache.org/jira/browse/SLING-9808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Norman closed SLING-9808.
------------------------------
Completed with the 2.2.12 release
> Add configuration option to always allow users to change their own password
> ---------------------------------------------------------------------------
>
> Key: SLING-9808
> URL: https://issues.apache.org/jira/browse/SLING-9808
> Project: Sling
> Issue Type: Improvement
> Reporter: Eric Norman
> Assignee: Eric Norman
> Priority: Major
> Fix For: JCR Jackrabbit User Manager 2.2.12
>
>
> Oak generally requires that the user be granted the rep:userManagement
> privilege in order to be able to call the User.changePassword API.
> However, in an environment where security is more locked down, it may be
> necessary for the user to have the ability to change their own password but
> not get all the other access that being granted rep:userManagement would
> allow (i.e. User.disable or Authorizable.remove).
>
> To make that possible, the ChangeUserPassword servlet should have a
> configurable property to specify whether a user is allowed to change their
> own password even if they haven't been granted the rep:userManagement
> privilege. If the user doesn't have the required rep:userManagement
> privilege, then the work should be done on their behalf by a service user.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
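A sketch of the delegation described in the issue, added here as an example; it is not the code of the Sling ChangeUserPassword servlet. The class name, the `alwaysAllowSelfChangePassword` flag and the `SUBSERVICE` name are hypothetical, and requiring the old password in the service-user branch is an assumption of this sketch: the service session is not restricted by the caller's permissions, so the self-only check must be enforced in code.

```java
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.jcr.api.SlingRepository;

public class SelfPasswordChange {
    private static final String SUBSERVICE = "change-password"; // hypothetical service-user mapping
    private final SlingRepository repository;
    private final boolean alwaysAllowSelfChangePassword;        // hypothetical config property

    public SelfPasswordChange(SlingRepository repository, boolean alwaysAllowSelfChangePassword) {
        this.repository = repository;
        this.alwaysAllowSelfChangePassword = alwaysAllowSelfChangePassword;
    }

    public void changePassword(Session caller, String userId, String oldPwd, String newPwd)
            throws RepositoryException {
        if (hasUserManagement(caller, userId)) {  // normal Oak path: caller holds the privilege
            apply(caller, userId, oldPwd, newPwd);
            return;
        }
        // Delegated path: only for the caller's own account, and only when enabled.
        boolean self = userId != null && userId.equals(caller.getUserID());
        if (!alwaysAllowSelfChangePassword || !self) {
            throw new AccessDeniedException("rep:userManagement required for " + userId);
        }
        Session service = repository.loginService(SUBSERVICE, null);
        try {
            apply(service, userId, oldPwd, newPwd);
        } finally {
            service.logout();  // never leak the privileged session
        }
    }

    private static Authorizable find(Session s, String userId) throws RepositoryException {
        // Assumes an unwrapped Oak/Jackrabbit session.
        return ((JackrabbitSession) s).getUserManager().getAuthorizable(userId);
    }

    private static boolean hasUserManagement(Session s, String userId) throws RepositoryException {
        Authorizable a = find(s, userId);
        if (a == null) return false;  // not visible to this session
        AccessControlManager acm = s.getAccessControlManager();
        return acm.hasPrivileges(a.getPath(),
                new Privilege[] { acm.privilegeFromName("rep:userManagement") });
    }

    private static void apply(Session s, String userId, String oldPwd, String newPwd)
            throws RepositoryException {
        Authorizable a = find(s, userId);
        if (a == null || a.isGroup()) throw new RepositoryException("No such user: " + userId);
        ((User) a).changePassword(newPwd, oldPwd);  // two-argument form checks the old password
        s.save();
    }
}
```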