You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the feature you are requesting, as well as the possible use case(s) for it.
User removal is a natural feature that we are missing. By initial design, we avoided it due to the complexity of the cascade effect caused by the ownership relation: since only owners could manipulate their Things and Channels, it would imply that removing removes all of its assets in a cascade way. Now, when we introduced administrators and detach access control from ownership, user removal should be as simple as setting a blocked flag or physically removing it. After that, the administrator can take care of all the orphaned assets - remove them or assign them to someone else.
We also need to introduce refresh tokens and make access tokens last shorter to reduce the possible attack time frame.
We need to define what removing the user exactly means and do we support user removal or only block it, but either way, it should implement at least one of those two options.
Comments are welcome. @mainflux/maintainers
Indicate the importance of this feature to you (must-have, should-have, nice-to-have).
This is a must-have.
The text was updated successfully, but these errors were encountered:
FEATURE REQUEST
existing issue, otherwise proceed to step 2.
There is issue #458.
User removal is a natural feature that we are missing. By initial design, we avoided it due to the complexity of the cascade effect caused by the ownership relation: since only owners could manipulate their Things and Channels, it would imply that removing removes all of its assets in a cascade way. Now, when we introduced administrators and detach access control from ownership, user removal should be as simple as setting a
blocked
flag or physically removing it. After that, the administrator can take care of all the orphaned assets - remove them or assign them to someone else.We also need to introduce refresh tokens and make access tokens last shorter to reduce the possible attack time frame.
We need to define what removing the user exactly means and do we support user removal or only block it, but either way, it should implement at least one of those two options.
Comments are welcome. @mainflux/maintainers
This is a must-have.
The text was updated successfully, but these errors were encountered: