Details
-
Improvement
-
Resolution: Fixed
-
Major
-
1.35.0
-
None
Description
Today all the mirror user profiles that are created on the wiki following an authentication through the OIDC authenticator have the following rights:
- edit right is explicitly given to the user themselves only
- admins will also be able to edit the profiles or whoever has 'admin' right at the level of XWiki space at least, because admin implies edit
- all the other rights are inherited
- this usually means that XWikiAllGroup - all other registered users - can see the profile page, because they inherit 'view' from the XWiki space level.
- depending on the instance, this may be the case for the guest as well
- this usually means that XWikiAllGroup - all other registered users - can see the profile page, because they inherit 'view' from the XWiki space level.
This new feature is about being able to configure the rights that are explicitly set at the level of the user profile page to the owner of that profile. This would mean, in practice, that by configuring this it will be possible to achieve the following (amongst other things):
- disallow the users from modifying their own profiles
- break inheritance for the 'view' right and make the user profiles private (admin would also be able to see the page)