[
https://issues.apache.org/jira/browse/JS2-873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12626924#action_12626924
]
Ate Douma commented on JS2-873:
-------------------------------
Work for the issues JS2-870, JS2-872 and JS2-873 will commence in the separate
security-refactoring branch (branched off the JS2-869 branch).
> Simplified parent-child relationship model for Roles and Groups
> ---------------------------------------------------------------
>
> Key: JS2-873
> URL: https://issues.apache.org/jira/browse/JS2-873
> Project: Jetspeed 2
> Issue Type: New Feature
> Components: Admin Portlets, Security
> Affects Versions: 2.2
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2
>
> Original Estimate: 120h
> Remaining Estimate: 120h
>
> The current Jetspeed security role/group model *technically* supports a
> hierarchical relationship.
> In practice though, this isn't used really, nor do the j2-admin portlets
> support it through the UI.
> Furthermore, the hierarchical relationship is based on a specific
> (preferences) hierarchy naming which really doesn't fit well (better said:
> not at all) with a backend like LDAP.
> The current model simply cannot be used with LDAP for using role-group
> relationships.
> A typical use-case requiring a more simple and straighforward solution:
> - defining organisation divisions and subdivisions as groups and defining a
> parent-child relationship between them
> - a user belonging to a division group then also belongs to any subdivision
> group of that division
> - the same goes for roles, the user could automatically inherit the roles
> assigned to the subdivision group.
> As AFAIK the hierarchical relationship model isn't used at all right now,
> this issue will resolve its complexity and limitation by replacing it with
> "flat" parent-child relationships:
> - only support non-hierarchical groups and roles
> - allow a group or role needs to be defined as child of another group or role
> - just need a security-role-role and security-group-group table (and
> corresponding LDAP mapping)
> - check/enforce no circular references can be created
> - adding UI support for this will be rather easy: we already have support for
> the group-role relationships, this is just more of the same
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
