[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16049326#comment-16049326 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit a2c5c100dcde30b5c4b32b644284353e22758aff in syncope's branch refs/heads/2_0_X from [~fmartelli] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=a2c5c10 ] [SYNCOPE-1067] fix to build with Java7 > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16049304#comment-16049304 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit 03d5364b14bb911358f8b468924e304576ff99da in syncope's branch refs/heads/master from [~fmartelli] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=03d5364 ] [SYNCOPE-1067] provides the possibility to select for a dynamic realms and manage object inside it > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16049302#comment-16049302 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit 65a0f14d49351b29ce8ba78b02916b9a72e7ad52 in syncope's branch refs/heads/2_0_X from [~fmartelli] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=65a0f14 ] [SYNCOPE-1067] provides the possibility to select for a dynamic realms and manage object inside it > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16049097#comment-16049097 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit a21329eeabb33f5e2690f54ac30a6c34ecfa00c5 in syncope's branch refs/heads/master from [~ilgrosso] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=a21329e ] [SYNCOPE-1067] Doc update > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16049096#comment-16049096 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit c13f9e62653dd12485b22a50831225437a194ed7 in syncope's branch refs/heads/2_0_X from [~ilgrosso] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=c13f9e6 ] [SYNCOPE-1067] Doc update > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16044752#comment-16044752 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit 23b1c9d76840fe0331edabbdcda239f477294181 in syncope's branch refs/heads/master from [~ilgrosso] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=23b1c9d ] [SYNCOPE-1067] Fix build (2nd attempt) > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16044711#comment-16044711 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit e8a961cc32bf9938c018f951d31e1a8fff533d4a in syncope's branch refs/heads/master from [~ilgrosso] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=e8a961c ] [SYNCOPE-1067] Fix build > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16044585#comment-16044585 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit a6f6b5c5d887228a67cdbad42a4b118c23bc0abb in syncope's branch refs/heads/2_0_X from [~ilgrosso] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=a6f6b5c ] [SYNCOPE-1067] Management from Admin Console > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16044226#comment-16044226 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit 1ad3055802d6195dbaaeee186e512d38defdcaad in syncope's branch refs/heads/2_0_X from [~ilgrosso] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=1ad3055 ] [SYNCOPE-1067] Check that any USER / GROUP / ANYOBJECT UPDATE under DynRealm authorization cannot alter the set of DynRealms > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16044227#comment-16044227 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit f74ce5dee37f7e5157a3c84f00119d2ffa422e6f in syncope's branch refs/heads/master from [~ilgrosso] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=f74ce5d ] [SYNCOPE-1067] Check that any USER / GROUP / ANYOBJECT UPDATE under DynRealm authorization cannot alter the set of DynRealms > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16044109#comment-16044109 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit d6d52e1aca563168c3ad53f17ca0d9ae9370d427 in syncope's branch refs/heads/2_0_X from [~ilgrosso] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=d6d52e1 ] [SYNCOPE-1067] Fix test execution > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16044110#comment-16044110 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit 8683655c629421139ac81c641114153f7c01485f in syncope's branch refs/heads/master from [~ilgrosso] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=8683655 ] [SYNCOPE-1067] Fix test execution > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16042908#comment-16042908 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit 062c87a25b78715edbbac66014b7abc342e4fd83 in syncope's branch refs/heads/2_0_X from [~ilgrosso] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=062c87a ] [SYNCOPE-1067] Core modifications > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SYNCOPE-1067) More flexible delegated administration model
[ https://issues.apache.org/jira/browse/SYNCOPE-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16042909#comment-16042909 ] ASF subversion and git services commented on SYNCOPE-1067: -- Commit a1bb672317e9bbd605a19e89272456b3ca8066f6 in syncope's branch refs/heads/master from [~ilgrosso] [ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=a1bb672 ] [SYNCOPE-1067] Core modifications > More flexible delegated administration model > > > Key: SYNCOPE-1067 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1067 > Project: Syncope > Issue Type: Improvement > Components: console, core >Reporter: Francesco Chicchiriccò >Assignee: Francesco Chicchiriccò > Fix For: 2.0.4, 2.1.0 > > > The current implementation of [delegated > administration|https://syncope.apache.org/docs/reference-guide.html#delegated-administration] > relies on Roles, where each Role associates a set of Entitlements (e.g. > administrative actions) to a set of Realms (e.g. containers for Users / > Groups / Any Objects). > This requires, however, that the set of Users / Groups / Any Objects to > administer is somehow statically defined by containment: "administrators with > role R can manage users under realms /a and /b" works as long as users to > administer are fully contained by the Realms /a and /b; but what if the set > of Users that R can administer needs to be dynamically defined, say by the > value of a 'department' attribute? -- This message was sent by Atlassian JIRA (v6.3.15#6346)
