Return-Path: 
 <syncope-user-return-34-apmail-incubator-syncope-user-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-syncope-user-archive@minotaur.apache.org
Delivered-To: apmail-incubator-syncope-user-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1C0859D26
	for <apmail-incubator-syncope-user-archive@minotaur.apache.org>;
 Mon, 26 Mar 2012 14:57:01 +0000 (UTC)
Received: (qmail 75200 invoked by uid 500); 26 Mar 2012 14:57:01 -0000
Delivered-To: apmail-incubator-syncope-user-archive@incubator.apache.org
Received: (qmail 75162 invoked by uid 500); 26 Mar 2012 14:57:00 -0000
Mailing-List: contact syncope-user-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:syncope-user-help@incubator.apache.org>
List-Unsubscribe: <mailto:syncope-user-unsubscribe@incubator.apache.org>
List-Post: <mailto:syncope-user@incubator.apache.org>
List-Id: <syncope-user.incubator.apache.org>
Reply-To: syncope-user@incubator.apache.org
Delivered-To: mailing list syncope-user@incubator.apache.org
Received: (qmail 75152 invoked by uid 99); 26 Mar 2012 14:57:00 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Mar 2012 14:57:00 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of bob.lannoy@gmail.com designates
 209.85.216.54 as permitted sender)
Received: from [209.85.216.54] (HELO mail-qa0-f54.google.com) (209.85.216.54)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Mar 2012 14:56:53 +0000
Received: by qao25 with SMTP id 25so2449808qao.6
        for <syncope-user@incubator.apache.org>;
 Mon, 26 Mar 2012 07:56:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=ahrXu5Tb6+xNl4MYlUxeQmPhzOnUmfngkw2bwsbmCpY=;
        b=mNruoipd4Mnj/SIqzU3aZheiPO/inPaKoazWFeMVZHn0nqPVUJhlll4li1wZ6qxmV6
         2zIPuuUzK7Yp1BpdKXQM79b33eoSmSTwP4GzKpd0nAuJfbzIh7jwB7psQ+LIcRc00i3F
         j363A81ATtP5YPIeZXGT7SJBPY2Fl3UiLKGE3OjysWJaX4y5X1ei2tJ3U2FWaAQrcFcB
         zZeGY6Hn+i6qD3rGjx93z2yjWlqylzt8kwF3la21nUlTbda9oKXIbqjXR6qaDAmDxuTa
         VEw/BlsVHrj4D9lpZammSfWB8cmV9wiqIjcsXpLtZXZ8NJbYG+/bCh+X/P86L4isw3zU
         QK5Q==
MIME-Version: 1.0
Received: by 10.229.137.85 with SMTP id v21mr8462015qct.70.1332773792367; Mon,
 26 Mar 2012 07:56:32 -0700 (PDT)
Received: by 10.229.166.194 with HTTP; Mon, 26 Mar 2012 07:56:32 -0700 (PDT)
Date: Mon, 26 Mar 2012 16:56:32 +0200
Message-ID: 
 <CANSL76KNqt6vGdi9Z2bC=M+__RRymH5Dm92PcFjgswZttAKNnw@mail.gmail.com>
Subject: Delegation & console
From: Bob Lannoy <bob.lannoy@gmail.com>
To: syncope-user@incubator.apache.org
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I've been testing Syncope and I'm interested in the delegation
mechanism as described in
https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization.

Suppose I have a role structure as follows:
root
- org1 (role_10)
-- user (role_12)
-- admin (role_11)
- org2
-- user
--admin

If I assign
role_11 = user_list/view/create/delete/update/create & role_10 & role_12

I would expect that a user in role_11 would be able to create a user.
Through the console however that user cannot create users.
Is this something that has to be done through the rest-interface directly?

regards

Bob