We also want to use the role grouping mechanism, but for the ARBAC purposes described in a previous thread. I think the solution of using the existing groups objects to group roles will meet both use cases.
----- Original Message ----- From: "Shawn McKinney" <[email protected]> To: [email protected] Sent: Friday, August 19, 2016 10:05:24 AM Subject: Re: [Apache Fortress] [FC-144] Questions on implementation of Role-to-Group relationship > On Aug 17, 2016, at 12:26 PM, Shawn McKinney <[email protected]> wrote: > > I was thinking about a much easier way. There is already a group object in > fortress: > https://github.com/apache/directory-fortress-core/blob/master/src/main/java/org/apache/directory/fortress/core/model/Group.java > > along with corresponding classes like GroupMgr, GroupDao, etc… > > Currently this group maps to users, we extend it to map to roles as well. > That is saying the memberof would be the dn of the role object, not of the > user. I should have pointed out earlier I have done some of the prep work for managing groups of roles. Here are the corresponding commits where you can see the changes that have been made: https://github.com/apache/directory-fortress-core/commit/015dfdf8287a924150920c871d4c206e107151c6 https://github.com/apache/directory-fortress-core/commit/a199f7a7dcb67e42c52cd1a262fd2faeed2acf39 But there will be more work to do, adding the apis described in FC-144: https://issues.apache.org/jira/browse/FC-144
