syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Syncope > RoleManagement
Date Fri, 23 Mar 2012 09:21:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2042/9/3/_/styles/combined.css?spaceKey=SYNCOPE&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/SYNCOPE/RoleManagement">RoleManagement</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~massi">Massimiliano
Perrone</a>
    </h4>
        <br/>
                         <h4>Changes (8)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" > <br># Click on _Roles_ tab.
<br></td></tr>
            <tr><td class="diff-changed-lines" ># Click on role you choose to
be parent of the new role you are going to <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">create
([Fig. Roles Tab|^Roles_1.png]).</span> <span class="diff-added-words"style="background-color:
#dfd;">create.</span> <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">!Roles_1.png|thumbnail!
<br></td></tr>
            <tr><td class="diff-unchanged" ># Click on _Add child_ link. <br></td></tr>
            <tr><td class="diff-changed-lines" ># Provide attribute, derived attribute
and virtual attribute values by clicking on the corresponding <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">tabs
([Fig. Add Attributes|^Roles_4.png]).</span> <span class="diff-added-words"style="background-color:
#dfd;">tabs.</span> <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">!Roles_4.png|thumbnail!
<br></td></tr>
            <tr><td class="diff-unchanged" >Provide derived attribute values by
using [JEXL Expressions|http://commons.apache.org/jexl/]. <br>Providing virtual attribute
remember that: <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >Further, you have to consider that
currently roles cannot be propagated so, actually, virtual role attributes are not used. 
<br>For more details about schema type take a look at [Schema, Attributes and Mapping|SchemaAttributesMapping].
<br></td></tr>
            <tr><td class="diff-changed-lines" ># Click on _Resources_ tab to
assign resources to the <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">role
([Fig. Choose resources|^Roles_2.png]).</span> <span class="diff-added-words"style="background-color:
#dfd;">role.</span> <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">!Roles_2.png|thumbnail!
<br></td></tr>
            <tr><td class="diff-changed-lines" ># Click on _Entitlements_ tab
to assign entitlements to the <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">role
([Fig. Choose entitlements|^Roles_3.png]).</span> <span class="diff-added-words"style="background-color:
#dfd;">role.</span> <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">!Roles_3.png|thumbnail!
 <br></td></tr>
            <tr><td class="diff-unchanged" ># Click on _Security_ tab to specify
account and password policies for the role. <br>Check _Inherit password policy_ to inherit
password policy from the parent or choose one from _Password Policy_. <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
    
            </table>
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <h1><a name="RoleManagement-Introduction"></a>Introduction</h1>
<p>A Role is an object that allows to group resource access rights to be assigned to
the users</p>

<p>Roles are usually used to model the company organization in order to grant security
and a consistent provisioning:</p>
<ul>
	<li>security is granted by assigning <a href="/confluence/display/SYNCOPE/AuthenticationAndAuthorization#AuthenticationAndAuthorization-Entitlements">entitlements</a>
to the roles;</li>
	<li>consistent provisioning is granted by assigning external resources to the roles
in order to perform a role-based provisioning.</li>
</ul>


<p>Roles are organized in a hierarchical way; each child can inherit attributes and
policies from the parent.</p>

<p>This wiki page aims to show how to manage roles via administration console.</p>

<h1><a name="RoleManagement-CreatenewRole"></a>Create new Role</h1>

<ol>
	<li>Click on <em>Roles</em> tab.</li>
	<li>Click on role you choose to be parent of the new role you are going to create.<br/>
<span class="image-wrap" style=""><a class="confluence-thumbnail-link 1329x448" href='https://cwiki.apache.org/confluence/download/attachments/27841550/Roles_1.png'><img
src="/confluence/download/thumbnails/27841550/Roles_1.png" style="border: 0px solid black"
/></a></span></li>
	<li>Click on <em>Add child</em> link.</li>
	<li>Provide attribute, derived attribute and virtual attribute values by clicking on
the corresponding tabs.<br/>
<span class="image-wrap" style=""><a class="confluence-thumbnail-link 1326x582" href='https://cwiki.apache.org/confluence/download/attachments/27841550/Roles_4.png'><img
src="/confluence/download/thumbnails/27841550/Roles_4.png" style="border: 0px solid black"
/></a></span><br/>
Provide derived attribute values by using <a href="http://commons.apache.org/jexl/" class="external-link"
rel="nofollow">JEXL Expressions</a>.<br/>
Providing virtual attribute remember that:
	<ul>
		<li>virtual attribute values won't be stored locally.</li>
		<li>virtual attribute values will be propagated onto external resources assigned.</li>
		<li>virtual attribute values will be retrieved from the external resources assigned.<br/>
Further, you have to consider that currently roles cannot be propagated so, actually, virtual
role attributes are not used. <br/>
For more details about schema type take a look at <a href="/confluence/display/SYNCOPE/SchemaAttributesMapping"
title="SchemaAttributesMapping">Schema, Attributes and Mapping</a>.</li>
	</ul>
	</li>
	<li>Click on <em>Resources</em> tab to assign resources to the role.<br/>
<span class="image-wrap" style=""><a class="confluence-thumbnail-link 1321x602" href='https://cwiki.apache.org/confluence/download/attachments/27841550/Roles_2.png'><img
src="/confluence/download/thumbnails/27841550/Roles_2.png" style="border: 0px solid black"
/></a></span></li>
	<li>Click on <em>Entitlements</em> tab to assign entitlements to the role.<br/>
<span class="image-wrap" style=""><a class="confluence-thumbnail-link 1326x576" href='https://cwiki.apache.org/confluence/download/attachments/27841550/Roles_3.png'><img
src="/confluence/download/thumbnails/27841550/Roles_3.png" style="border: 0px solid black"
/></a></span> </li>
	<li>Click on <em>Security</em> tab to specify account and password policies
for the role.<br/>
Check <em>Inherit password policy</em> to inherit password policy from the parent
or choose one from <em>Password Policy</em>.<br/>
Check <em>Inherit account policy</em> to inherit account policy from the parent
or choose one from <em>Account Policy</em>.</li>
	<li>Click on <em>Save</em> button.</li>
</ol>



<p>Image:Roles_1.png|Fig. Roles Tab<br/>
Image:Roles_2.png|Fig. Choose resources<br/>
Image:Roles_3.png|Fig. Choose entitlements<br/>
Image:Roles_4.png|Fig. Add Attributes</p>


<h1><a name="RoleManagement-EditRole"></a>Edit Role</h1>
<ol>
	<li>Click on <em>Roles</em> tab.</li>
	<li>Click on role to be modified (<a href="/confluence/download/attachments/27841550/Roles_1.png?version=1&amp;modificationDate=1332494312599">Fig.
Roles Tab</a>).</li>
	<li>Click on <em>Edit</em> link an provide information as shown at <a
href="#RoleManagement-CreatenewRole">Create new Role</a> paragraph.</li>
	<li>Click on <em>Save</em> button.</li>
</ol>


<h1><a name="RoleManagement-DeleteRole"></a>Delete Role</h1>
<ol>
	<li>Click on <em>Roles</em> tab.</li>
	<li>Click on role to be modified (<a href="/confluence/download/attachments/27841550/Roles_1.png?version=1&amp;modificationDate=1332494312599">Fig.
Roles Tab</a>).</li>
	<li>Click on <em>Drop</em> link.</li>
	<li>Confirm operation.</li>
</ol>

    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
        </div>
        <a href="https://cwiki.apache.org/confluence/display/SYNCOPE/RoleManagement">View
Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=27841550&revisedVersion=4&originalVersion=3">View
Changes</a>
                |
        <a href="https://cwiki.apache.org/confluence/display/SYNCOPE/RoleManagement?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message