Return-Path: <dev-return-54688-archive-asf-public=cust-asf.ponee.io@directory.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 1EF83200B9B
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed, 12 Oct 2016 14:49:22 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 1D9E5160AD4; Wed, 12 Oct 2016 12:49:22 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 8D1DA160AD3
	for <archive-asf-public@cust-asf.ponee.io>; Wed, 12 Oct 2016 14:49:21 +0200 (CEST)
Received: (qmail 82502 invoked by uid 500); 12 Oct 2016 12:49:20 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 82489 invoked by uid 99); 12 Oct 2016 12:49:20 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Oct 2016 12:49:20 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id 696012C0088
	for <dev@directory.apache.org>; Wed, 12 Oct 2016 12:49:20 +0000 (UTC)
Date: Wed, 12 Oct 2016 12:49:20 +0000 (UTC)
From: "Chris Pike (JIRA)" <jira@apache.org>
To: dev@directory.apache.org
Message-ID: <JIRA.13011656.1476276518000.804479.1476276560426@Atlassian.JIRA>
In-Reply-To: <JIRA.13011656.1476276518000@Atlassian.JIRA>
References: <JIRA.13011656.1476276518000@Atlassian.JIRA> <JIRA.13011656.1476276518844@arcas>
Subject: [jira] [Created] (FC-195) ARBAC Role Grouping
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Wed, 12 Oct 2016 12:49:22 -0000

Chris Pike created FC-195:
-----------------------------

             Summary: ARBAC Role Grouping
                 Key: FC-195
                 URL: https://issues.apache.org/jira/browse/FC-195
             Project: FORTRESS
          Issue Type: Improvement
            Reporter: Chris Pike
            Assignee: Chris Pike


User Story: As a fortress super administrator, I want to delegate Role Management (Creation and Permission Assignment) to application owners

Current Steps:
 1. Create an ARBAC Role (AR1) that has jurisdiction over Perm OU (POU1) and Role Range (RR1)
 2. Assign User (U1) into AR1
 3. U1 creates new Role (R1)
 4. U1 adds Permission (P1) into R1 but is denied since R1 doesn't belong to RR1

Steps After ARBAC Role Group
 1. Create an ARBAC Role (AR1) that has jurisdiction over Perm OU (POU1) and Role Group (RG1)
 2. Assign User (U1) into AR1
 3. U1 creates new Role (R1) with Group of RG1
 4. U1 adds Permission (P1) into R1



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)