[jira] [Resolved] (SYNCOPE-1067) More flexible delegated administration model

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] [Resolved] (SYNCOPE-1067) More flexible delegated administration model

JIRA jira@apache.org

     [ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

fabio martelli resolved SYNCOPE-1067.
    Resolution: Fixed

> More flexible delegated administration model
> --------------------------------------------
>                 Key: SYNCOPE-1067
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1067
>             Project: Syncope
>          Issue Type: Improvement
>          Components: console, core
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>             Fix For: 2.0.4, 2.1.0
> The current implementation of [delegated administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] relies on Roles, where each Role associates a set of Entitlements (e.g. administrative actions) to a set of Realms (e.g. containers for Users / Groups / Any Objects).
> This requires, however, that the set of Users / Groups / Any Objects to administer is somehow statically defined by containment: "administrators with role R can manage users under realms /a and /b" works as long as users to administer are fully contained by the Realms /a and /b; but what if the set of Users that R can administer needs to be dynamically defined, say by the value of a 'department' attribute?

This message was sent by Atlassian JIRA