[jira] [Updated] (SYNCOPE-1719) Remove limitations for memberships and relationships

Tue, 03 Jan 2023 04:09:06 -0800 


     [ 
https://issues.apache.org/jira/browse/SYNCOPE-1719?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Francesco Chicchiriccò updated SYNCOPE-1719:
--------------------------------------------
    Description: 
A long while ago some limitations on memberships and relationships were 
imposed, e.g.

# A User or an Any Object can be members of Groups in the same realm or in one 
of the parent realms.
# A User or an Any object can be in a relation with Any Objects in the same 
realm or in one of parent realms.

The rationale behind this was about imposing limitations that could be enforced 
with delegated administration.

However, after some thorough review, there seems not to be valid reasons to 
maintain such restrictions anymore, as several settings are not available to 
design fine-grained delegated administration rights.

  was:
A long while ago some limitations on group members were imposed, e.g.

# A User or an Any Object can be members of Groups in the same realm or in one 
of the parent realms.
# A User or an Any object can be in a relation with Any Objects in the same 
realm or in one of parent realms.

The rationale behind this was about imposing limitations that could be enforced 
with delegated administration.

However, after some thorough review, there seems not to be valid reasons to 
maintain such restrictions anymore, as several settings are not available to 
design fine-grained delegated administration rights.


> Remove limitations for memberships and relationships
> ----------------------------------------------------
>
>                 Key: SYNCOPE-1719
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1719
>             Project: Syncope
>          Issue Type: Improvement
>          Components: core
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>            Priority: Major
>             Fix For: 3.0.1, 4.0.0
>
>
> A long while ago some limitations on memberships and relationships were 
> imposed, e.g.
> # A User or an Any Object can be members of Groups in the same realm or in 
> one of the parent realms.
> # A User or an Any object can be in a relation with Any Objects in the same 
> realm or in one of parent realms.
> The rationale behind this was about imposing limitations that could be 
> enforced with delegated administration.
> However, after some thorough review, there seems not to be valid reasons to 
> maintain such restrictions anymore, as several settings are not available to 
> design fine-grained delegated administration rights.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to