syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francesco Chicchiriccò (JIRA) <j...@apache.org>
Subject [jira] [Assigned] (SYNCOPE-1067) More flexible delegated administration model
Date Thu, 25 May 2017 15:18:04 GMT

     [ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Francesco Chicchiriccò reassigned SYNCOPE-1067:
-----------------------------------------------

    Assignee: Francesco Chicchiriccò

> More flexible delegated administration model
> --------------------------------------------
>
>                 Key: SYNCOPE-1067
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1067
>             Project: Syncope
>          Issue Type: Improvement
>          Components: console, core
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>             Fix For: 2.0.4, 2.1.0
>
>
> The current implementation of [delegated administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration]
relies on Roles, where each Role associates a set of Entitlements (e.g. administrative actions)
to a set of Realms (e.g. containers for Users / Groups / Any Objects).
> This requires, however, that the set of Users / Groups / Any Objects to administer is
somehow statically defined by containment: "administrators with role R can manage users under
realms /a and /b" works as long as users to administer are fully contained by the Realms /a
and /b; but what if the set of Users that R can administer needs to be dynamically defined,
say by the value of a 'department' attribute?
> Two approaches can be taken here:
> # extend the Role concept to map Entitlements to Realms and / or Groups
> # introduce the new concept of Virtual Realm, e.g. containers that are defined by a dynamic
conditions (as currently happening for Groups and Roles), and make Roles to map Entitlements
to Realms / Virtual Realms



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message