Hi jiaquan,
1. What is ootb mean? 2. Currently I'm not using it. 3. Yes, since it is a whitelist of permission. Currently, I think I have more than 2000 perms at my current implementation at my company. Anyway, what do you mean by best practice here? Is it about correctness how you implement it? Or how to exactly using fortress? Sorry for my bad English. Regards, Yudhi Karunia Surtan On Sun, Sep 15, 2019, 10:18 何嘉权 <[email protected]> wrote: > Hi mighty Fortress, > > My team is evaluating how Fortress could fit into our product as an access > control system. > > We've gone through the major official documents, set up a demo with the > REST enmasse as well as the Web commander, and played with it a little bit. > But we cannot find any best practice when it comes to our business > requirements. > > We've multiple tenants with organizations of users, and organizations of > resources. According to our understanding of Fortress, we've ideas: > > - Multiple tenants should be well supported as documented. > - User organization could be implemented with Fortress's role organization. > - Resource organization could be implemented with Fortress's perm object > organization. > > But then questions pop up and we fail to get any clue: > > - By adding a new tenant, there's no OOTB RESTful API. [1] > - User role inheritance is pretty powerful, but why do we still need Group > that doesn't have inheritance support? [2] > - If one tenant has 1,000 of resources, and each of them has READ/UPDATE > permission, is it expected to have 2,000 different permission objects in > Fortress? > > Thanks for any advice. > > [1] > > https://github.com/apache/directory-fortress-core/blob/master/README-MULTITENANCY.md > [2] https://directory.apache.org/fortress/gen-docs/latest/apidocs/ >
