Clarification in leaf/releases RE Authentication and Authorization #525
artgoldberg
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi Folks
When I first read the description of features #465 and #466 in the releases page, I thought that each user would need an entry in
auth.UserRole
withIsUser
set true. The description of #465 gave me this impression.But reading the code, I see that the
GetMask
functions return true forRoleMask.User
whenauthorizationOptions.AllowAllAuthenticatedUsers
. That's good for installations like ours, where thousands of people are authenticated by our central Identity Provider, and it would be quite cumbersome to also authorize them inauth.UserRole
.Perhaps this could be made clearer by having the description of #465 explicitly say something like "If
Authorization.AllowAllAuthenticatedUsers
is enabled, then all authenticated users will be authorized Leaf users (as if they had a true value forIsUser
inauth.UserRole
)."Thanks
Arthur
Beta Was this translation helpful? Give feedback.
All reactions