On 12/12/2014 10:32 AM, Nicolas Eirea wrote: > Ok, i think we'll use add and drop activeRoles to limit the activated > roles... but we can't avoid the fact that our app has to maintain an > association of users, roles and location, can we??
Your use case was a good one: "We need that the bank teller assigned to a "Teller" role only act within role in the building of branch "A" of the bank, if the same bank teller goes to the building of branch "B" of the same bank he shouldn't act within the "Teller" role." Fortress manages two types of entity graphs for organization: userou & permou. It can maintain relationships: 1. many-to-many between adminrole to userou 2. many-to-many between admin to permou 3. one-to-many between user to userou 4. one-to-many between permobj to permou These relationships can be interrogated via the delegatedmanager interfaces. For this requirement the 3rd relationship may be of use.
