Skip to Content.
Sympa Menu

comanage-users - Re: [comanage-users] Edit Identifiers

Subject: COmanage Users List

List archive

Re: [comanage-users] Edit Identifiers

Chronological Thread 
  • From: Benn Oshrin <>
  • To:
  • Cc:
  • Subject: Re: [comanage-users] Edit Identifiers
  • Date: Sat, 10 May 2014 18:28:43 -0400

On 5/9/14 4:52 PM,

People with admin privs can manually change an identifier via CO->People->My
Population and selecting a person, then editing their identifiers. Seems
dangerous. I am wondering if I missed a setting to protect this.

CO Admins need to be able to fix bad data, including identifiers. CO Admins are by definition trusted users who can take actions that can break things. eg: They can define LDAP servers to provision to, and change the attributes that are written there.

There's possibly an argument to constrain COU Admins, but COU Admins are really trusted delegates of the CO Admin over a subset of the population, and so also need to be able to fix bad data.


Archive powered by MHonArc 2.6.16.

Top of Page