incubator-syncope-user mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Users & roles
Date Fri, 30 Mar 2012 13:13:35 GMT

Hi Francesco,

> let me clarify one point: if role A (with entitlement E) has child role
> B, and user U has role B assigned, this DOES NOT IMPLY that user U has
> role A assigned as well.

> When defining roles, you can choose whether a role will inherit some
> information (entitlements, for example) from its parent.

Are you referring to the "inherit attributes" checkbox when creating a
child role? What is the exact meaning of this - that the child role
does not inherit any attributes or entitlements from the parent role?
Or is it stronger as you seem to be implying in the example, that no
hierarchy exists (i.e. a user in the child role does not inherit the
parent role at all when this box is ticked)?

Colm.

2012/3/30 Francesco Chicchiriccò <ilgrosso@apache.org>:
> On 30/03/2012 14:48, Bob Lannoy wrote:
>> On 30 March 2012 14:29, Colm O hEigeartaigh <coheigea@apache.org> wrote:
>>> Hi Bob,
>>>
>>> I've been running into similar issues.
>>>
>>>> - /auth/getentitlements doesn't give me the roles of the connected user
>>> It gives you the list of entitlements associated with the roles of the
>>> connected user. Perhaps this controller should also have a similar
>>> method for returning a list of role names of the connected user as
>>> well?
>> Through the console both are mixed so I confused entitlements with the roles.
>> A "getroles" method for the connected user would indeed be handy.
>> Ideally it could return the child with its parents
>>
>> I could try to have a go at it although I'm not a hard core developer ;)
>
> Hi,
> let me clarify one point: if role A (with entitlement E) has child role
> B, and user U has role B assigned, this DOES NOT IMPLY that user U has
> role A assigned as well.
>
> When defining roles, you can choose whether a role will inherit some
> information (entitlements, for example) from its parent.
>
> This means, referring to example above, that if B is configured to
> inherit entitlements from A, user U will have entitlement E.
>
> Hence, a method like the one above proposed by Colm will not be needed:
> when using the self-read REST method (as indicated by Fabio in another
> e-mail), you will find such information in UserTO.getRoles().
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Apache Cocoon PMC and Apache Syncope PPMC Member
> http://people.apache.org/~ilgrosso/
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
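
The role A / role B / user U case described in the quoted reply, modeled in Python as an added example that is not part of the original thread and is not Syncope code. The Role class, the inherit_entitlements flag name, the extra entitlement F on role B, and the rule that inheritance continues up the chain only while each role has the flag set are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Role:
    name: str
    entitlements: set = field(default_factory=set)
    parent: Optional["Role"] = None
    inherit_entitlements: bool = False  # hypothetical flag name


def effective_entitlements(role):
    """Entitlements a role grants: its own, plus the parent's if it inherits."""
    result, seen = set(), set()
    current = role
    while current is not None and current.name not in seen:
        seen.add(current.name)           # guard against a parent cycle
        result |= current.entitlements
        if not current.inherit_entitlements:
            break                        # nothing flows down from the parent
        current = current.parent
    return result


def user_entitlements(assigned_roles):
    """Union over directly assigned roles only; parent roles are never implied."""
    out = set()
    for role in assigned_roles:
        out |= effective_entitlements(role)
    return out


def user_role_names(assigned_roles):
    """Role names the user holds: exactly the assigned ones, no parents."""
    return sorted(r.name for r in assigned_roles)


# Constructed sample data matching the thread's example (F is an added entitlement).
A = Role("A", {"E"})
B_inheriting = Role("B", {"F"}, parent=A, inherit_entitlements=True)
B_isolated = Role("B", {"F"}, parent=A, inherit_entitlements=False)

if __name__ == "__main__":
    for b in (B_inheriting, B_isolated):
        print(user_role_names([b]), sorted(user_entitlements([b])))
```

In both cases the user's role list is only B; whether E shows up in the entitlements depends solely on B's inheritance setting, which is the distinction to check when auditing what a child role actually grants.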