-
Notifications
You must be signed in to change notification settings - Fork 663
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add user removal and/or blocking feature #1529
Comments
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
FEATURE REQUEST
existing issue, otherwise proceed to step 2.
There is issue #458.
User removal is a natural feature that we are missing. By initial design, we avoided it due to the complexity of the cascade effect caused by the ownership relation: since only owners could manipulate their Things and Channels, it would imply that removing removes all of its assets in a cascade way. Now, when we introduced administrators and detach access control from ownership, user removal should be as simple as setting a
blocked
flag or physically removing it. After that, the administrator can take care of all the orphaned assets - remove them or assign them to someone else.We also need to introduce refresh tokens and make access tokens last shorter to reduce the possible attack time frame.
We need to define what removing the user exactly means and do we support user removal or only block it, but either way, it should implement at least one of those two options.
Comments are welcome. @mainflux/maintainers
This is a must-have.
The text was updated successfully, but these errors were encountered: