[
https://issues.apache.org/jira/browse/JSPWIKI-266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12596067#action_12596067
]
Aaron Hamid commented on JSPWIKI-266:
-------------------------------------
Also, I was able to determine how to manually set the password in the default
authentication database. If this method can be used to manually create new
accounts, that is fine by me, I'm not asking for a fancy UI to create accounts.
> Add ability to restrict account creation
> ----------------------------------------
>
> Key: JSPWIKI-266
> URL: https://issues.apache.org/jira/browse/JSPWIKI-266
> Project: JSPWiki
> Issue Type: New Feature
> Components: Authentication&Authorization
> Reporter: Aaron Hamid
>
> This is a formal feature request (because I could not find an existing issue)
> for the "Admin Creates User Profiles" Idea here:
> http://www.jspwiki.org/wiki/IdeaAdminCreatesUserProfiles
> Once way to implement it would be, that a different permission,
> "createProfile", be added, still configurable in the jspwiki.policy file.
> This way the desired policy could be configured such that the admin group has
> the "createProfile" permission, while the Authenticated have their
> "editProfile" permission.
> Workarounds are presented here
> http://www.jspwiki.org/wiki/AllowOnlyAdministratorCreateUserAccounts but have
> drawbacks, including allowing arbitrary junk accounts or forcing security to
> be configured external to the application.
> The proposal above, a new "createProfile" permission, seems like a
> straightforward way to address this concern directly in the product expanding
> its usefulness without weird workarounds.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
