I created two new issues, FC-195 and FC-196.
To answer your question, a new permission would be in a new PermOU that no
existing ARBAC role could have jurisdiction over. So every relevant ARBAC role
would have to be updated.
----- Original Message -----
From: "Shawn McKinney" <smckin...@apache.org>
Sent: Tuesday, October 11, 2016 6:21:45 PM
Subject: Re: ARBAC Perm OU change proposal (was Access Manager Role Filtering)
Ok this is good. Let’s get a ticket opened with this info. That way we
don’t have to fish around our email for it later.
I’m still working my way thru it but had a quick question below….
> On Oct 11, 2016, at 4:11 PM, Chris Pike <clp...@psu.edu> wrote:
> End State:
> account.create.do -> POU1
> account.reset.do -> POU2
> account.delete.do -> POU3
> AR1 -> POU1
> AR2 -> POU2, POU3
> AR3 -> POU1, POU2, POU3
> Issues / Notes:
> - A one to one mapping between Permissions and PermOUs
> - Adding a new permission may require updating many ARBAC roles
Why would adding a new permission require updating many roles?