Francesco Chicchiriccò created SYNCOPE-1630:
-----------------------------------------------
Summary: Use Group owners to extend Delegated Administration
Key: SYNCOPE-1630
URL: https://issues.apache.org/jira/browse/SYNCOPE-1630
Project: Syncope
Issue Type: Improvement
Components: core
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
Fix For: 2.1.10, 3.0.0
Currently, [Delegated
Aministration|http://syncope.apache.org/docs/2.1/reference-guide.html#delegated-administration]
is based on Realms and Dynamic Realms.
The former is quite static but widely used; the latter is extremely flexible
but not used in any deployment, in practice, because it quickly becomes slow
with real numbers.
An idea is to put in place some form of group-based authorization model: user A
is allowed to administer user B if (a) B is member of group G (b) A is owner of
G.
One advantage of such approach is that no changes in persistence would be
needed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)