On Mon, Feb 6, 2017 at 7:18 AM, Isuru Haththotuwa <[email protected]> wrote:
> Hi Jayanga,
>
> On Fri, Jan 27, 2017 at 1:53 PM, Jayanga Kaushalya <[email protected]>
> wrote:
>
>> On Fri, Jan 27, 2017 at 12:18 PM, Johann Nallathamby <[email protected]>
>> wrote:
>>
>>> Hi Nuwan,
>>>
>>> On Fri, Jan 27, 2017 at 10:40 AM, Nuwan Dias <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> In C5, since Groups and Roles are supposed to be treated as two
>>>> different entities, we need to clearly understand how to use them and a bit
>>>> of their implementation details. I'm listing some assumptions and questions
>>>> below, please see if the assumptions are correct and please provide answers
>>>> to the questions too.
>>>>
>>>> *Assumptions*
>>>>
>>>> 1. Groups are in the LDAP (User Store) and Roles are in the Context of
>>>> Carbon (in a DB schema introduced by WSO2 Products).
>>>>
>>>
>>> Yes. User Store can be in Database as well. So Groups can exist in User
>>> StoreDB schema as well.
>>>
>>>
>>>> 2. Roles are always created through a carbon admin service (MSF4J).
>>>>
>>>
>>> Yes. We have an OSGi service as well which exposes AuthorizationStore
>>> API as a service.
>>>
>>>
>>>> 3. Roles can be attached to users *and* groups.
>>>>
>>>
>>> Yes.
>>>
>>>
>>>> 4. Role to User and Role to Group mappings will be stored in a
>>>> DB schema maintained by carbon.
>>>>
>>>
>>> Yes.
>>>
>>>
>>>> 5. Users, Roles and Groups will all have unique identifiers (ids) so
>>>> that products don't have to maintain direct references to their literal
>>>> values.
>>>>
>>>
>>> Yes.
>>>
>>> Another addition is Users and Groups can have attributes in C5.
>>>
>> Can the permission checking involve both roles and attributes? For an
> example, can I restrict access to a resource based on a particular role as
> well as an attribute?
>
No. Currently permission checking only involves roles.
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
