Yes, but our reality also require that an User could have more than one userou associated.
Example: a bank teller has the role "Teller" activated in branch "A" and "B" but not in branch "C". Or other roles for some branches and others not. 2014-12-12 15:12 GMT-02:00 Shawn McKinney <[email protected]>: > > On 12/12/2014 10:32 AM, Nicolas Eirea wrote: > > Ok, i think we'll use add and drop activeRoles to limit the activated > > roles... but we can't avoid the fact that our app has to maintain an > > association of users, roles and location, can we?? > > Your use case was a good one: > > "We need that the bank teller assigned to a "Teller" role only act within > role in the building of branch "A" of the bank, if the same bank teller > goes to the building of branch "B" of the same bank he shouldn't act within > the "Teller" role." > > Fortress manages two types of entity graphs for organization: userou & > permou. It can maintain relationships: > > 1. many-to-many between adminrole to userou > 2. many-to-many between admin to permou > 3. one-to-many between user to userou > 4. one-to-many between permobj to permou > > These relationships can be interrogated via the delegatedmanager > interfaces. For this requirement the 3rd relationship may be of use. >
