From: ilgrosso@apache.org To: commits@syncope.apache.org Date: Tue, 08 Aug 2017 10:40:58 -0000 Message-Id: In-Reply-To: <416b1af5906344858621dded7acdf51c@git.apache.org> References: <416b1af5906344858621dded7acdf51c@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [4/4] syncope git commit: [SYNCOPE-1189] Clarifying about additional entitlements needed for delegated administration via Admin Console archived-at: Tue, 08 Aug 2017 10:41:00 -0000 [SYNCOPE-1189] Clarifying about additional entitlements needed for delegated administration via Admin Console Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/b7458d07 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/b7458d07 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/b7458d07 Branch: refs/heads/master Commit: b7458d070f88a18ea098dc0196177a502f0623ac Parents: 0d93a3a Author: Francesco Chicchiriccò Authored: Tue Aug 8 12:40:22 2017 +0200 Committer: Francesco Chicchiriccò Committed: Tue Aug 8 12:40:45 2017 +0200 ---------------------------------------------------------------------- pom.xml | 4 ++-- .../reference-guide/concepts/roles.adoc | 22 ++++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/b7458d07/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 3c23485..6c7bb02 100644 --- a/pom.xml +++ b/pom.xml @@ -2257,7 +2257,7 @@ under the License. org.asciidoctor asciidoctor-maven-plugin - 1.5.6 + 1.5.5 org.asciidoctor @@ -2267,7 +2267,7 @@ under the License. org.asciidoctor asciidoctorj - 1.5.5 + 1.5.6 http://git-wip-us.apache.org/repos/asf/syncope/blob/b7458d07/src/main/asciidoc/reference-guide/concepts/roles.adoc ---------------------------------------------------------------------- 
diff --git a/src/main/asciidoc/reference-guide/concepts/roles.adoc b/src/main/asciidoc/reference-guide/concepts/roles.adoc index 662febc..63949f4 100644 --- a/src/main/asciidoc/reference-guide/concepts/roles.adoc +++ b/src/main/asciidoc/reference-guide/concepts/roles.adoc @@ -81,3 +81,25 @@ The practical consequence of this setting is that Users owning a Group (either b or members of the owning group) is that they are entitled to perform all operations (create, update, delete, ...) on the owned group, regardless of the Realm. ==== + +[[delegated-administration-console]] +[TIP] +.Delegated Administration via Admin Console +==== +When administering via <>, the entitlements to be granted to delegated administrators are straightforward: +`USER_CREATE` for certain <> will allow to create users under such Realms. + +When using the <>, instead, more entitlements are generally required: this because the underlying +implementation takes care of simplifying the UX as much as possible. + +For example, the following entitlements are normally required to be granted for user administration, besides the actual +`USER_CREATE`, `USER_UPDATE` and `USER_DELETE`: + +. `USER_SEARCH` +. `USER_LIST` +. `ANYTYPECLASS_READ` +. `ANYTYPE_LIST` +. `ANYTYPECLASS_LIST` +. `USER_READ` +. `ANYTYPE_READ` +. `REALM_LIST` +====
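Review bot: In the pom.xml hunk at line 2257, asciidoctor-maven-plugin goes from 1.5.6 down to 1.5.5, a downgrade that the commit message does not mention, since it only covers the SYNCOPE-1189 documentation clarification. The following hunk moves asciidoctorj from 1.5.5 to 1.5.6, so the two values look swapped. Please state in the commit message why the plugin is pinned back, or split the build change into its own commit so it can be reverted independently of the documentation change.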
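Review bot: In the roles.adoc hunk, the list of extra entitlements for the Admin Console does not say whether they must be granted on the same Realms as `USER_CREATE`, `USER_UPDATE` and `USER_DELETE` or more widely. The first paragraph ties `USER_CREATE` to certain Realms, so stating the scope of the read and list entitlements (`USER_SEARCH`, `USER_LIST`, `REALM_LIST` and the others) would let readers grant the minimum needed for delegated administration. The entries are also written as an ordered list (`.`) although no order is implied, so an unordered list would fit better. Two phrases need a grammar fix: "will allow to create users" and "this because the underlying implementation".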