[
https://issues.apache.org/jira/browse/OAK-2947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14971866#comment-14971866
]
Rob Ryan commented on OAK-2947:
-------------------------------
How about something like:
To enable impersonation the target user must already have, or allow the
creation of a node under the user something like:
oak:impersonators/<systemuserAuthorizableId>
This way existing permission implementation can be used to decide the question
of whether a given system user can impersonate a given user.
I also see value in the proposal to be able to configure
> Allow configured system user(s) to impersonate regular users
> ------------------------------------------------------------
>
> Key: OAK-2947
> URL: https://issues.apache.org/jira/browse/OAK-2947
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Components: core
> Affects Versions: 1.2
> Reporter: angela
> Assignee: angela
> Attachments: OAK-2947.patch
>
>
> Based on some private discussion on how to implement a feature that allows a
> given subject to continue working on 'his' modifications after changes being
> persisted, we ([~djaeggi], [~chaotic] and [~anchela]) thought that it would
> be beneficial to have a configuration option in Oak that allows certain
> system users to impersonate regular users irrespective on the
> {{rep:impersonators}} properties present with those users.
> [~fmeschbe] additionally proposed to allow for a configuration that not only
> states the name(s) of the service users but also limits the sudo-rights to
> members of a certain group: for example the impersonation ability of a
> potential system user "impersonate-content-authors" could be limited to
> impersonate members of the "content-authors" group.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
