Inexpedient default configuration: Users cannot change their own passwords.

Problem

Clients need the ACM:USER:UPDATE_PASSWORD:?REALM?:?USERNAME? permission to update the password of a given user. However, by default, users do not have this permission. This is a misconfiguration.

Known Workarounds

Add the permission to the user explicitly

  • Run the following caosdb_admin.py commands as a user with admin permissions.
  • Create a role for users who should be able to update their own password: caosdb_admin.py create_role "own_password_updater" "A user who is permitted to update their own password."
  • Grant the missing permission: caosdb_admin.py grant_role_permissions "own_password_updater" "ACM:USER:UPDATE_PASSWORD:?REALM?:?USERNAME?"
  • Now assign the new role to any user who needs to update their own password: caosdb_admin.py add_user_roles "SOME_USER" "own_password_updater"
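
The three steps above as one script, applied to several users at once. This is an added example, not part of the CaosDB tooling. The CAOSDB_ADMIN and DRY_RUN variables and the run, setup_role and assign_role helpers are assumptions of this sketch; only the caosdb_admin.py subcommands and their arguments come from the workaround.

```shell
#!/bin/sh
# Added example: wraps the caosdb_admin.py calls from the workaround above.
# CAOSDB_ADMIN and DRY_RUN are conventions of this sketch, not tool options.
CAOSDB_ADMIN="${CAOSDB_ADMIN:-caosdb_admin.py}"
ROLE="own_password_updater"
ROLE_DESC="A user who is permitted to update their own password."
# Keep this quoted everywhere: an unquoted '?' is a shell glob character and
# could be expanded against file names before the tool ever sees it.
PERMISSION='ACM:USER:UPDATE_PASSWORD:?REALM?:?USERNAME?'

# Execute a command, or with DRY_RUN=1 print every argument in brackets so
# the exact argument boundaries can be reviewed before touching the server.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        for arg in "$@"; do printf '[%s] ' "$arg"; done
        printf '\n'
    else
        "$@"
    fi
}

# Steps 1 and 2: create the role once and grant it the single permission.
setup_role() {
    run "$CAOSDB_ADMIN" create_role "$ROLE" "$ROLE_DESC" &&
    run "$CAOSDB_ADMIN" grant_role_permissions "$ROLE" "$PERMISSION"
}

# Step 3: assign the role to each user given; report failures, keep going.
# usage: assign_role USER [USER...]
assign_role() {
    failed=0
    for user in "$@"; do
        run "$CAOSDB_ADMIN" add_user_roles "$user" "$ROLE" || {
            echo "could not assign $ROLE to $user" >&2
            failed=1
        }
    done
    return "$failed"
}

# Typical use, after sourcing this file as an admin user:
#   DRY_RUN=1 setup_role && DRY_RUN=1 assign_role SOME_USER OTHER_USER
#   setup_role && assign_role SOME_USER OTHER_USER
```

The role carries only the one permission, so assigning it widens a user's rights by nothing beyond the password update.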

Note

  • It is not a bug that users who are managed by an external authenticator (e.g. via LDAP or NIS) cannot update their passwords through CaosDB.