> On May 12, 2016, at 11:05 AM, Chris Pike <[email protected]> wrote: > > If I understand what you are proposing, we would create role groups, and each > role could belong to 0 or 1 groups. ARBAC roles could then point at 0 to N > groups?
The good news here is there is already a group data structure with apis in GroupMgr. The original intent for this was user grouping but it will work for roles as well. There will have to be a tweak to support both mappings. We’ll need to think about how to differentiate. One idea is they could go in separate trees, another is to add a type attribute to the entry. Shawn
