Feature: Principal group management #3
Comments
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change adds support for creating principals that represent an entire email domain's worth of principals. This is a quick way to add support for generalized principal grouping (#3), but is fairly coarse-grained.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change adds support for creating principals that represent an entire email domain's worth of principals. This is a quick way to add support for generalized principal grouping (#3), but is fairly coarse-grained.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change adds support for creating principals that represent an entire email domain's worth of principals. This is a quick way to add support for generalized principal grouping (#3), but is fairly coarse-grained.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change adds support for creating principals that represent an entire email domain's worth of principals. This is a quick way to add support for generalized principal grouping (#3), but is fairly coarse-grained.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change adds support for creating principals that represent an entire email domain's worth of principals. This is a quick way to add support for generalized principal grouping (#3), but is fairly coarse-grained.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
bobvawter
added a commit
that referenced
this issue
Mar 19, 2021
This change allows cacheroach use an OpenID Connect provider to automatically provision users and removes password-based authentication from cacheroach. OIDC-derived Principals will use the "offline" authentication flow, allowing for ongoing revalidation of the upstream user account. It is still possible to create principals that do not have a backing OIDC account to use as role accounts for automation. This change also allows email domains to be used as a means of granting access to a group of users. This can be seen as an initial step towards #3. Closes #2.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
User groups could be implemented by representing the group as a principal and giving all members of the group delegate permissions on the group itself.
The text was updated successfully, but these errors were encountered: