Hi Mushthaq, UserAccountAssociationService.switchLoggedInUser() service method is only useful for users who has logged in session. Because this feature provides support for switch between associated user accounts in that logged in session. In order to create a session we need to call A uthenticationAdmin.login() and in this service method, we do check whether the user has permission/admin/login permission[1]. So it is a must to have permission/admin/login permission for any user who is using switchLoggedInUser method.
I think this gives the rationality for other methods which have the same permission level. [1] - https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.core.services/src/main/java/org/wso2/carbon/core/services/authentication/AuthenticationAdmin.java#L110 Thanks, Thanuja On Thu, Oct 26, 2017 at 6:18 PM, Mushthaq Rumy <[email protected]> wrote: > Hi All, > > Is there a specific reason to have "/permission/admin/login" in some of > the operations in UserAccountAssociationService? > > This permission will allow the users to login to the Management Console > and In case, if someone wants to use these operations of > UserAccountAssociationService in a separate client application and he/she > does not want to the users of this application to login to the Management > Console, what would be the work around and how can we solve this? > > Your thoughts on this is highly appreciated. > > Thanks & Regards, > Mushthaq > -- > Mushthaq Rumy > *Software Engineer* > Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194> > Email : [email protected] > WSO2, Inc.; http://wso2.com/ > lean . enterprise . middleware. > > <http://wso2.com/signature> > -- *Thanuja Lakmal* Associate Technical Lead WSO2 Inc. http://wso2.com/ *lean.enterprise.middleware* Mobile: +94715979891
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
