Details
Description
org.sonatype.nexus.security.SecurityApi has an addRole method:
/** * Add a new Role to the system. */ Role addRole(String id, String name, String description, List<String> privileges, List<String> roles);
This method does not allow specifying the role source, the implementation uses the default source (Default Authorization realm)
While it can work that you can create a role in the default source, and still have that picked up by LDAP or crowd, this seems to be by accident only, is not intuitive and a compatibility byproduct from Nexus 2.
This implicit byproduct is not a good long term approach.
Users want to map roles explicitly to LDAP and CROWD, not the default realm and providing a way to specify the role source would allow that.
Attachments
Issue Links
- is caused by
-
NEXUS-13182 Impossible to know which user roles are from external realms
-
- Open
-