...
The story details of these separate tasks are listed as:
SAK-354: Add Role based SU security
SU tool uses Security(Service).isSuperUser() to determine who can SU. This should be modified to use agent,/function/target ....
IT Express - can su - students
IT ExpreessExpress- can su - faculty
IT Express- cannot su - admin
SAK-367 - CharonPortal Tracking of assumed Id's with 'Return to...'
part two of two
2) CharonPortal patch: - assumed identities tracked with 'Return to <Eid>' link next to Logout link
create special url ('/realuser') that the portal will use to reload any existing previous usage session
...
source | function | target | result |
|---|---|---|---|
user A | can SU | user B | true/false |
| Panel | ||
|---|---|---|
| ||
Priv User = users that are added to a role in the 'SU Realm' which has the 'Can SU' security function
SuperUser = any user that has a 'magical' name or ability to edit the admin home site. |
What is expected:
test | source | function | target | result |
|---|---|---|---|---|
SuperUser | can SU | SuperUser | false | |
SuperUser | can SU | Priv User | true | |
SuperUser | can SU | Standard User | true | |
Standard User | can SU | SuperUser | false | |
Standard User | can SU | Priv User | false | |
Standard User | can SU | Stardard User | false | |
Priv User | can SU | SuperUser | false | |
Priv User | can SU | Standard User | true | |
Priv User | can SU | Priv User | true |
...