Details
-
Task
-
Resolution: Fixed
-
Minor
-
COmanage Registry 3.2.2 (Oyster Pearl MR2)
Description
When a record is in non-Active status (eg: Suspended) certain attributes remain in the record. The idea is to maintain referential integrity for applications (so identifiers and biodem remain) but remove authorizations (so groups are removed). Currently
- eduPersonEntitlement is still populated. This is probably wrong.
- inMemberOf for "all" groups (eg: CO:members:all, CO:COU:mycou:members:all) is still populated. This might be "right", given that as far as Registry is concerned the person is still in these groups, but then documentation should be made clear not to rely on these groups for authz.