Hi all,
I'm actually trying to setup a simple apache syncope environment with hierarchy realms tree. I use groups in each realm in order to manages roles. Then I would be able, using group membership, to apply the right privileges easily for each realm specifically. I created a bunch of users in root realm thinking that it would be possible to set them in groups of different sub-realm. But no way to see the realms group when I try give them membership. For exemple, I have two branches like : /A/B1 and /A/B2 For each of these realms, I have a group "Support" I would like my user j...@doe.com to be the support guy of both realm (of course applying for those member of the group a bunch of entitlements, roles, etc. for the realm) How ? I thought first that to create the user in /A or in / would be enough... but nope, I cannot create membership for sub-realm on user panel. The question is, is it possible for a User in realm / to be member of groups in /sub-realms ? Indeed, I see that a user in /A/B/C can be part of any group of parent realms (And this is written this way in the doc). I'am a bit confused, maybe thinking too much in an "ldap" way... but as /A/B belongs to /A which belongs to / I would think the opposite way (A user can belong to any sub-realm group). Do you an an Idea of how should I do this kind of scenario ? Thanks a lot. An.
