Antoniu N created OAK-10173:
-------------------------------
Summary: Allow members of administrator groups to impersonate any
user
Key: OAK-10173
URL: https://issues.apache.org/jira/browse/OAK-10173
Project: Jackrabbit Oak
Issue Type: Story
Components: core, security-spi
Reporter: Antoniu N
The issue is related to AEM's
[SITES-10289|https://jira.corp.adobe.com/browse/SITES-10289]
Customer Use-case :
Customer is an AMS customer so admin user is not constantly available. Customer
can attempt to contact lock owner, however, they are not available as well.
User will lock pages when they are working on it and may forget to unlock the
page.
Team will no longer be able to work on the locked page until AMS admin is
available or lock owner admin is available to unlock the page.
Customers have administrators available but administrators do not have the
ability to unlock the pages.
Steps to replicate :
Impersonation:
Create test-author user and add them to content-authors group
Create test-admin user and add them to administrators group
Log into the AEM instance as test-admin and try to impersonate test-author -
this is not possible unless you are logged in as the actual "admin" user.
Current/Experienced Behavior :
Administrators are not able to unlock pages or impersonate users (unless their
user id is added to the impersonators of the target user)
Improved/Expected Behavior :
Administrators should be able to unlock pages and impersonate other users.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
