Details
-
Feature
-
Status: Deferred (View Workflow)
-
Minor
-
Resolution: Unresolved
-
1.12, 1.13
-
None
-
None
Description
Current Situation
- There are two environments (e.g. env1 and env2) each with one JOC Cockpit installed with the same database.
- Next, there are two roles (e.g. "admin" and "api_user") assigned to a single user (let say, "test").
here, "admin" will have full access to the JOC but "api_user" will have read-only access to the JOC. - Now, if the user "test" logs into the "env1" then it is getting full access to the JOC and ends up with only read access to "env2" and vice-versa.
here, shiro.ini file is getting overwrite as the database is the same for both the JOC Cockpit.
Desired Behavior
- If the user "test" logs into the "env1" then it should always get the full access (i.e. admin role) to the JOC Cockpit.
- And if the same user "test" logs into the "env2" then it should always get the read-only access (i.e. api_user role) to the JOC Cockpit.
- Or the shiro.ini should be different for different environments instead of common shiro.ini due to the same database.
- Therefore, the permissions on a single user with multiple roles assigned should not get overwrite in shiro.ini file.