Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

JIRA: SAK-131: Add Role based SU security

This test plan covers the sub-story SAK-354: add realm based security to SuTool ONLY

Description:

This modification to the SU Tool is intended to allow users who are not SuperUser to SU other users. On Start up, the tool looks for or creates a security realm (reference: realms tool).... by default the realms name is '!su.can_su_realm' but it can be modified by editing the tool registration file.

Administrators should add roles to this realm that have the correct security function (permission). This function name is 'su.can_su' by default (but can be changed by an administrator by editing the tool registration file).

The permission matrix looks like this:

source

function

target

result

user A

can SU

user B

true/false

if:
Priv Users = users that are added to a role in the 'SU Realm' which has the 'Can SU' security function
NonPriv Users =
1) users that are not added to a role in the 'SU Realm' which has the 'Can SU' security function
or 2) users that are added to a role in the 'SU Realm' which does not have the 'Can SU' security function

SuperUser = any user that has the magical name or ability to edit the admin home site.

  • No labels