Local Account Self Service

uPortal has several built-in portlets to allow users to modify their password or account attributes, subject to configured permissions.  These portlets are not useful if account information is obtained from LDAP, CAS (for passwords), or other sources.  They only pertain to local accounts.

Reset Password portlet

tbd add docs here

Password Management portlet (self-edit-account) - updating password or attributes

Users must be given permission to modify their account information.  As of uPortal 4.0.11 the Permissions Admin UI does not allow entering the necessary data so the necessary permissions records must be imported into the database.

1. Allow users to edit their account information. 

Import the following permissions (suggest storing the file in uportal-war/src/data/default_entities/permission_set/Authenticated_Users__EDIT_USER__UP_USERS.permission-set.xml so it is included in an 'ant initdb' for development environments).  Tomcat should be restarted for uPortal for the permission to take effect.

uportal-war/src/data/default_entities/permission_set/Authenticated_Users_EDIT_USER_UP_USERS.permission-set.xml
<permission-set script="classpath://org/jasig/portal/io/import-permission_set_v3-1.crn">
  <owner>UP_USERS</owner>
  <principal-type>org.jasig.portal.groups.IEntityGroup</principal-type>
  <principal>
       <group>Authenticated Users</group> <!-- Assumes all accounts are local.  May choose 
   </principal>
  <activity>EDIT_USER</activity>
  <target permission-type="GRANT">
       <literal>SELF</literal>
   </target>
</permission-set> 

2. (optional) Add permissions specifying the account attributes a user can edit

The Password Management (self-edit-account) portlet also allows a user to edit those account attributes they have permission to modify.  Permissions must be added for each user-editable account attribute.

Authenticated_Users_EDIT_USER_UP_USERS.permission-set.xml
 <permission-set script="classpath://org/jasig/portal/io/import-permission_set_v3-1.crn">
  <owner>UP_USERS</owner>
  <principal-type>org.jasig.portal.groups.IEntityGroup</principal-type>
  <principal>
       <group>Authenticated Users</group>
   </principal>
  <activity>EDIT_USER_ATTRIBUTE</activity>
  <target permission-type="GRANT">
       <literal>mail</literal>
   </target>
</permission-set>