Limit user creation within a zone #2581
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/186351462 The labels on this github issue will be updated when the story is started.
I would propose to add it to the userConfig of the IdZ configuration, for example: UserConfig.maxNumber (https://github.com/cloudfoundry/uaa/blob/develop/model/src/main/java/org/cloudfoundry/identity/uaa/zone/UserConfig.java)
This is a request for a feature to limit the amount of users which can be created within the identity zone.
This is needed for #2505 but can be used independently.
Scenario.
A foundational operator creates a zone for a department and provides this department access to maintain their zone themselves, e.g. scim.write. The department does not have access to maintain details or policies of the zone. This action is only possible from uaa.admin. The department does not have uaa.admin or zones.<idz.>.admin.
The department is trusted, however it must not exceed all resources in persistence by accident, therefore there must be a mechanism to limit scim users. The admin of the department may get zones..read to read own data but no more rights.
Proposal.
Identity-Zone-Configuration has some policy sections, e.g. tokenPolicy, . Here a limitPolicy should be added with such rules.
E.g. maxUsers or maxGroups