Lets asume one is using Fortress as a central place for RBAC. Over time
there will be a lot or roles and groups
for different things. As an integrator to other systems like in my case
Midpoint i am not interested in transfering all roles and groups.
So my approach would be to write some aux classes and assign them to the
roles and groups. For instance auxclass MidpointObject.
In my Midpoint connector i would only fetch roles and groups which have
aux class MidpointObject assigned.
So i can only provide really those things which are midpoint specific
and not roles or groups which may not be of interest or even
more import which security wise relevant.
One use case for me would be i dont want to transfer all the Fortress
Roles to Midpoint where one would gain access to Fortress :)
Does that make sense ?
Am 20.10.2016 um 15:00 schrieb Shawn McKinney:
On Oct 20, 2016, at 1:29 AM, Patrick Brunmayr <[email protected]> wrote:
- Please consider the possibility also for Groups or Roles
I get groups but why roles? Can you provide a specific use case of what those
attributes would be and why?
On Oct 20, 2016, at 1:29 AM, Patrick Brunmayr <[email protected]> wrote:
- It should also be possible to set/get these extra data through the
REST interface
Agreed. Everything that can be done via api call must also be doable via rest.
LINZ AG für Energie, Telekommunikation, Verkehr und Kommunale Dienste
A-4021 Linz, Wiener Straße 151, Postfach 1300, Tel. +43/732/3400-0, E-Mail:
[email protected]
