Netcentric / accesscontroltool

Rights and roles management for AEM made easy
Eclipse Public License 1.0

autoCreateTestUsers needs a field for impersonators #723

Closed by kwin 2 months ago

kwin commented 3 months ago

In order to allow testing with AEMaaCS (where the local admin is not used), even users of the administrators group need to be explicitly allowed to impersonate as a test user. Therefore the field impersonationAllowedFor already available for regular users should also be evaluated for autoCreateTestUsers. For AEM Classic usually the local admin user was used, which implicitly always is allowed to impersonate as everyone else.

kwin commented 3 months ago

Further information in https://jackrabbit.apache.org/oak/docs/security/user/default.html#impersonation

The default implementation of the Impersonation interface comes with the following limitations and features:

  1. only user principals can be granted impersonation
  2. every user can impersonate itself
  3. the admin user always can impersonate all users (and therefore cannot be granted impersonation)
  4. the Configuration allows to define a list of user or group principals that can impersonate all users (since Oak 1.54.0, see OAK-10173)
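
Added example (not part of the issue thread, and not code from Oak or the AC Tool): a simplified Python model of the four rules quoted above, showing why a member of the administrators group cannot impersonate a test user until that user principal is granted impersonation explicitly. The class and function names and the ids `alice` and `tu-editors` are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    name: str
    is_group: bool = False


@dataclass
class ImpersonationModel:
    """Simplified model of the quoted rules; not Oak's implementation."""
    admin_id: str = "admin"
    # Rule 4: configured user or group principals that may impersonate all users.
    configured_impersonators: frozenset = frozenset()
    # Explicit grants: target user id -> names of granted user principals.
    grants: dict = field(default_factory=dict)

    def grant(self, target, principal):
        # Rule 1: only user principals can be granted impersonation.
        # Rule 3: the admin user cannot be granted impersonation.
        if principal.is_group or principal.name == self.admin_id:
            return False
        self.grants.setdefault(target, set()).add(principal.name)
        return True

    def allows(self, target, user, groups=()):
        if user.name == target:          # Rule 2: every user can impersonate itself.
            return True
        if user.name == self.admin_id:   # Rule 3: admin can impersonate all users.
            return True
        subject_names = {user.name} | {g.name for g in groups}
        if subject_names & self.configured_impersonators:   # Rule 4
            return True
        # Explicit grants are matched on the user principal only;
        # group membership alone grants nothing.
        return user.name in self.grants.get(target, set())


def aemaacs_scenario():
    """No local admin in use; alice is a member of the administrators group."""
    model = ImpersonationModel()
    administrators = Principal("administrators", is_group=True)
    alice = Principal("alice")      # constructed sample user
    test_user = "tu-editors"        # constructed test user id
    before = model.allows(test_user, alice, [administrators])
    group_grant = model.grant(test_user, administrators)  # refused by rule 1
    user_grant = model.grant(test_user, alice)
    after = model.allows(test_user, alice, [administrators])
    return before, group_grant, user_grant, after
```

`aemaacs_scenario()` returns `(False, False, True, True)`: membership in the administrators group is not enough, a grant to the group principal is refused, and only the explicit grant to the user principal enables impersonation.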