syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject [4/4] syncope git commit: [SYNCOPE-1189] Clarifying about additional entitlements needed for delegated administration via Admin Console
Date Tue, 08 Aug 2017 10:40:58 GMT
[SYNCOPE-1189] Clarifying about additional entitlements needed for delegated administration
via Admin Console


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/b7458d07
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/b7458d07
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/b7458d07

Branch: refs/heads/master
Commit: b7458d070f88a18ea098dc0196177a502f0623ac
Parents: 0d93a3a
Author: Francesco Chicchiriccò <ilgrosso@apache.org>
Authored: Tue Aug 8 12:40:22 2017 +0200
Committer: Francesco Chicchiriccò <ilgrosso@apache.org>
Committed: Tue Aug 8 12:40:45 2017 +0200

----------------------------------------------------------------------
 pom.xml                                         |  4 ++--
 .../reference-guide/concepts/roles.adoc         | 22 ++++++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/b7458d07/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 3c23485..6c7bb02 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2257,7 +2257,7 @@ under the License.
           <plugin>
             <groupId>org.asciidoctor</groupId>
             <artifactId>asciidoctor-maven-plugin</artifactId>
-            <version>1.5.6</version>
+            <version>1.5.5</version>
             <dependencies>
               <dependency>
                 <groupId>org.asciidoctor</groupId>
@@ -2267,7 +2267,7 @@ under the License.
               <dependency>
                 <groupId>org.asciidoctor</groupId>
                 <artifactId>asciidoctorj</artifactId>
-                <version>1.5.5</version>
+                <version>1.5.6</version>
               </dependency>
             </dependencies>
             <configuration>

http://git-wip-us.apache.org/repos/asf/syncope/blob/b7458d07/src/main/asciidoc/reference-guide/concepts/roles.adoc
----------------------------------------------------------------------
diff --git a/src/main/asciidoc/reference-guide/concepts/roles.adoc b/src/main/asciidoc/reference-guide/concepts/roles.adoc
index 662febc..63949f4 100644
--- a/src/main/asciidoc/reference-guide/concepts/roles.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/roles.adoc
@@ -81,3 +81,25 @@ The practical consequence of this setting is that Users owning a Group
(either b
 or members of the owning group) is that they are entitled to perform all operations (create,
update, delete, ...) on the
 owned group, regardless of the Realm.
 ====
+
+[[delegated-administration-console]]
+[TIP]
+.Delegated Administration via Admin Console
+====
+When administering via <<REST>>, the entitlements to be granted to delegated
administrators are straightforward:
+`USER_CREATE` for certain <<Realms>> will allow to create users under such Realms.
+
+When using the <<Admin Console>>, instead, more entitlements are generally required:
this because the underlying
+implementation takes care of simplifying the UX as much as possible. +
+For example, the following entitlements are normally required to be granted for user administration,
besides the actual
+`USER_CREATE`, `USER_UPDATE` and `USER_DELETE`:
+
+. `USER_SEARCH`
+. `USER_LIST`
+. `ANYTYPECLASS_READ`
+. `ANYTYPE_LIST`
+. `ANYTYPECLASS_LIST`
+. `USER_READ`
+. `ANYTYPE_READ`
+. `REALM_LIST`
+====


Mime
View raw message