Uploaded image for project: 'COmanage'
  1. COmanage
  2. CO-848

Auto-generate Identifiers can provision before petition is approved

    XMLWordPrintable

Details

    Description

      Created a petition for a new member. Did not approve - CO person still at 'pending approval.' Went to edit the CO person, hit 'autogenerate identifiers'. Identifiers were created, provisioning plugins invoked, and principals in provisioned systems created. CO person still at pending approval.

      Seems like a big security hole.

      Should the 'autogenerate' be disabled until approved? Or Should the provisioning plugins not be invoked, by ID still generated? I think I favor the later as it could be a chance for approver to tweek the ID before provisioning.

      Attachments

        Activity

          People

            benn.oshrin@at.internet2.edu Benn Oshrin
            michael.manske@at.internet2.edu Michael Manske (ligo.org)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: