[
https://issues.apache.org/jira/browse/SYNCOPE-1630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17342377#comment-17342377
]
ASF subversion and git services commented on SYNCOPE-1630:
----------------------------------------------------------
Commit bdeeac98bddfc264a5c0a4576b4f8bab0ffa015f in syncope's branch
refs/heads/2_1_X from Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=bdeeac9 ]
[SYNCOPE-1630] (1) centralize security checks in DAOs (2) improve
JPAAnySearchDAO and (3) adjust Console
> Use Group owners to extend Delegated Administration
> ---------------------------------------------------
>
> Key: SYNCOPE-1630
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1630
> Project: Syncope
> Issue Type: Improvement
> Components: core, documentation
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Fix For: 2.1.10, 3.0.0
>
>
> Currently, [Delegated
> Aministration|http://syncope.apache.org/docs/2.1/reference-guide.html#delegated-administration]
> is based on Realms and Dynamic Realms.
> The former is quite static but widely used; the latter is extremely flexible
> but not used in any deployment, in practice, because it quickly becomes slow
> with real numbers.
> An idea is to put in place some form of group-based authorization model: user
> A is allowed to administer user B if (a) B is member of group G (b) A is
> owner of G.
> One advantage of such approach is that no changes in persistence would be
> needed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
