syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Syncope > Roles
Date Fri, 23 Mar 2012 10:48:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2042/9/3/_/styles/combined.css?spaceKey=SYNCOPE&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/SYNCOPE/Roles">Roles</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~ilgrosso">Francesco
Chicchiricco</a>
    </h4>
        <br/>
                         <h4>Changes (3)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-added-lines" style="background-color: #dfd;">{toc:style=decimal}
<br></td></tr>
            <tr><td class="diff-unchanged" >h1. Introduction <br>A Role
is an object that allows to group resource access rights to be assigned to the users <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >h1. Edit Role <br># Click on
_Roles_ tab. <br></td></tr>
            <tr><td class="diff-changed-lines" ># Click on role to be modified
([Fig. Roles <span class="diff-changed-words">Tab|<span class="diff-added-chars"style="background-color:
#dfd;">Roles</span>^Roles_1.png]).</span> <br></td></tr>
            <tr><td class="diff-unchanged" ># Click on _Edit_ link an provide
information as shown at [Create new Role|#Create new Role] paragraph. <br># Click on
_Save_ button. <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >h1. Delete Role <br># Click
on _Roles_ tab. <br></td></tr>
            <tr><td class="diff-changed-lines" ># Click on role to be modified
([Fig. Roles <span class="diff-changed-words">Tab|<span class="diff-added-chars"style="background-color:
#dfd;">Roles</span>^Roles_1.png]).</span> <br></td></tr>
            <tr><td class="diff-unchanged" ># Click on _Drop_ link. <br>#
Confirm operation. <br></td></tr>
    
            </table>
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <style type='text/css'>/*<![CDATA[*/
div.rbtoc1332499633620 {margin-left: 1.5em;padding: 0px;}
div.rbtoc1332499633620 ul {list-style: decimal;margin-left: 0px;}
div.rbtoc1332499633620 li {margin-left: 0px;padding-left: 0px;}

/*]]>*/</style><div class='rbtoc1332499633620'>
<ul>
    <li><a href='#Roles-Introduction'>Introduction</a></li>
    <li><a href='#Roles-CreatenewRole'>Create new Role</a></li>
    <li><a href='#Roles-EditRole'>Edit Role</a></li>
    <li><a href='#Roles-DeleteRole'>Delete Role</a></li>
</ul></div>
<h1><a name="Roles-Introduction"></a>Introduction</h1>
<p>A Role is an object that allows to group resource access rights to be assigned to
the users</p>

<p>Roles are usually used to model the company organization in order to grant security
and a consistent provisioning:</p>
<ul>
	<li>security is granted by assigning <a href="/confluence/display/SYNCOPE/Authentication+and+authorization#Authenticationandauthorization-Entitlements">entitlements</a>
to the roles;</li>
	<li>consistent provisioning is granted by assigning external resources to the roles
in order to perform a role-based provisioning.</li>
</ul>


<p>Roles are organized in a hierarchical way; each child can inherit attributes and
policies from the parent.</p>

<p>This wiki page aims to show how to manage roles via administration console.</p>

<h1><a name="Roles-CreatenewRole"></a>Create new Role</h1>

<ol>
	<li>Click on <em>Roles</em> tab.</li>
	<li>Click on role you choose to be parent of the new role you are going to create.<br/>
<span class="image-wrap" style=""><a class="confluence-thumbnail-link 1329x448" href='https://cwiki.apache.org/confluence/download/attachments/27841550/Roles_1.png'><img
src="/confluence/download/thumbnails/27841550/Roles_1.png" style="border: 0px solid black"
/></a></span></li>
	<li>Click on <em>Add child</em> link.</li>
	<li>Provide attribute, derived attribute and virtual attribute values by clicking on
the corresponding tabs.<br/>
<span class="image-wrap" style=""><a class="confluence-thumbnail-link 1326x582" href='https://cwiki.apache.org/confluence/download/attachments/27841550/Roles_4.png'><img
src="/confluence/download/thumbnails/27841550/Roles_4.png" style="border: 0px solid black"
/></a></span><br/>
Provide derived attribute values by using <a href="http://commons.apache.org/jexl/" class="external-link"
rel="nofollow">JEXL Expressions</a>.<br/>
Providing virtual attribute remember that:
	<ul>
		<li>virtual attribute values won't be stored locally.</li>
		<li>virtual attribute values will be propagated onto external resources assigned.</li>
		<li>virtual attribute values will be retrieved from the external resources assigned.<br/>
Further, you have to consider that currently roles cannot be propagated so, actually, virtual
role attributes are not used. <br/>
For more details about schema type take a look at <a href="/confluence/display/SYNCOPE/Schema%2C+attributes+and+mapping"
title="Schema, attributes and mapping">Schema, Attributes and Mapping</a>.</li>
	</ul>
	</li>
	<li>Click on <em>Resources</em> tab to assign resources to the role.<br/>
<span class="image-wrap" style=""><a class="confluence-thumbnail-link 1321x602" href='https://cwiki.apache.org/confluence/download/attachments/27841550/Roles_2.png'><img
src="/confluence/download/thumbnails/27841550/Roles_2.png" style="border: 0px solid black"
/></a></span></li>
	<li>Click on <em>Entitlements</em> tab to assign entitlements to the role.<br/>
<span class="image-wrap" style=""><a class="confluence-thumbnail-link 1326x576" href='https://cwiki.apache.org/confluence/download/attachments/27841550/Roles_3.png'><img
src="/confluence/download/thumbnails/27841550/Roles_3.png" style="border: 0px solid black"
/></a></span> </li>
	<li>Click on <em>Security</em> tab to specify account and password policies
for the role.<br/>
Check <em>Inherit password policy</em> to inherit password policy from the parent
or choose one from <em>Password Policy</em>.<br/>
Check <em>Inherit account policy</em> to inherit account policy from the parent
or choose one from <em>Account Policy</em>.</li>
	<li>Click on <em>Save</em> button.</li>
</ol>



<p>Image:Roles_1.png|Fig. Roles Tab<br/>
Image:Roles_2.png|Fig. Choose resources<br/>
Image:Roles_3.png|Fig. Choose entitlements<br/>
Image:Roles_4.png|Fig. Add Attributes</p>


<h1><a name="Roles-EditRole"></a>Edit Role</h1>
<ol>
	<li>Click on <em>Roles</em> tab.</li>
	<li>Click on role to be modified (<a href="/confluence/download/attachments/27841550/Roles_1.png?version=1&amp;modificationDate=1332494312599">Fig.
Roles Tab</a>).</li>
	<li>Click on <em>Edit</em> link an provide information as shown at <a
href="#Roles-CreatenewRole">Create new Role</a> paragraph.</li>
	<li>Click on <em>Save</em> button.</li>
</ol>


<h1><a name="Roles-DeleteRole"></a>Delete Role</h1>
<ol>
	<li>Click on <em>Roles</em> tab.</li>
	<li>Click on role to be modified (<a href="/confluence/download/attachments/27841550/Roles_1.png?version=1&amp;modificationDate=1332494312599">Fig.
Roles Tab</a>).</li>
	<li>Click on <em>Drop</em> link.</li>
	<li>Confirm operation.</li>
</ol>

    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
        </div>
        <a href="https://cwiki.apache.org/confluence/display/SYNCOPE/Roles">View Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=27841550&revisedVersion=7&originalVersion=6">View
Changes</a>
                |
        <a href="https://cwiki.apache.org/confluence/display/SYNCOPE/Roles?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message