[
https://issues.apache.org/jira/browse/FC-144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15392291#comment-15392291
]
Kseniya Tychkova commented on FC-144:
-------------------------------------
Shawn, unfortunately there is no way to map Keystone groups to Fortress roles
right now.
Possible solution is to create in Keystone roles backend for Fortress REST. It
can be done.
But what about roles for group or orgUnit?
Is it break an architecture or requires a lot of code?
> Ability to assign groups to roles
> ---------------------------------
>
> Key: FC-144
> URL: https://issues.apache.org/jira/browse/FC-144
> Project: FORTRESS
> Issue Type: Improvement
> Affects Versions: 1.0.0-RC40
> Reporter: Florin Stingaciu
>
> We are currently working on performing an integration between Openstack
> Keystone and Fortress Core. We will use Fortress as the authorization backend
> for the rest of Openstack. We have managed to map most of the current
> functionality in Openstack within the Fortress schema except for the ability
> to assign roles to a group.
> I've spoken with [~smckinney], and he determined this improvement is a
> feasible addition to Fortress's feature set. After a number of back and
> forths, we have come up with the following requirements as API additions:
> * Session createSession (Group group, boolean isTrusted);
> * void assignGroup ( Group group, Role role );
> * List<Group> roleGroups ( Role role );
> * List<Role> groupRoles ( Group group );
> * the ability to use the above session with checkAccess(Session session,
> Permission perm)
> We also discussed temporal constrains for group to role assignment. Temporal
> constrains will not be utilized as this functionality has not been defined in
> Openstack.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
