Greetings, An item, I was thinking that would be useful would be the ability to manually link/unlink a single user to a resource. This could be very useful in a situation where a user's username may be different across resources.
I suspect this may be tricky, since there would be a username mapping most likely defined in the schema mapping, but perhaps, store a flag per user/resource so Syncope knows to ignore the mapping, and use the manually linked account on the resource? We have a use-case where users have a matching account on a resource. We have a concept of privileged accounts, that are in addition to your normal ldap/ad account. So I was thinking I could define the ldap server as two different resources, one for the matching account, and one for the privileged account. However I am not sure how link the privileged account to user's account. I think if the privileged accounts used a static naming patter, I could create a schema matching, but alas I am not sure that is an option. Thoughts, suggestions? Thanks, -Tylor -- *Tylor Sampson Portland State University Office of Information Technology* *oit.pdx.edu* <http://oit.pdx.edu/> On Thu, Apr 19, 2012 at 5:25 AM, Fabio Martelli <[email protected]>wrote: > > Il giorno 19/apr/2012, alle ore 11.20, Bob Lannoy ha scritto: > > > Hi guys, > > > > this is something I would like to have. A "normal user" that can only > > create users and assign roles to them doesn't need to see all the tabs > > like "derived attributes", "virtual attributes", resources, ... > > Maybe this could be mapped to "UI-entitlements". > > A simplified console as you like. > > That's right but I wouldn't use entitlements; I'd prefer an approach > template oriented like userTemplates defined for synchronization tasks. > > > I would even go as far as limiting the roles a such a user can see. > > Something like a scope or base (show roles underneath role_XX) . But > > this is probably something very specific to my use of Syncope since I > > would like to have several organisations in a role tree. > > By using a good template we should be able to apply a restriction on: > * roles > * resources > * memberships and membership attributes (normal, derived and virtual) > * user attributes > * user derived attributes > * user virtual attributes > > > As I understand it, for the moment I would have to make a custom > > UserModalPage to handle this. > > Can someone give me an example how I do this with the maven overlay? > > You have to perform the following steps: > * create the project [1] > * add your new UserModalPage using the same package (may be editing a copy > of the original class) > * add your UserModalPage.html and UserModalPage[_it | _nl | _de].properties > * build and deploy > > [1] > https://cwiki.apache.org/confluence/display/SYNCOPE/Create+a+new+Syncope+project > > Regards, > F. > > > On 19 April 2012 10:50, Fabio Martelli <[email protected]> wrote: > >> > >> Il giorno 19/apr/2012, alle ore 10.12, Marco Di Sabatino Di Diodoro ha > scritto: > >> > >>> Suggest: > >>> > >>> Possibility to specify a custom user form with a set of attributes for > the members of an role. > >>> The user assigned the role will use this user form when creating or > editing users. A user form assigned through a role overrides the default > user form of Apache Syncope. > >> > >> You are suggesting to add something to restrict user information to be > managed by a certain administrator, right? > >> > >> In this way you can say that an user, delegated to manage users under > certain conditions (by adding roles to admin and users), can manage > attributes, resources, roles and so on in respect of what specified by a > certain template provided by the core. > >> The UserModalPage of the administration console should become more > parametric than now by showing only the fields specified by the core (if > template is provided). > >> > >> This shouldn't be a second level of security but just a presentation > issue, right? > >> > >> Regards, > >> F. > >> > >>> > >>> WDYT? > >>> > >>> Marco > >>> -- > >>> > >>> Dott. Marco Di Sabatino Di Diodoro > >>> Tel. +39 3939065570 > >>> > >>> Tirasa S.r.l. > >>> Viale D'Annunzio 267 - 65127 Pescara > >>> Tel +39 0859116307 / FAX +39 0859111173 > >>> http://www.tirasa.net > >>> > >>> Apache Syncope PPMC Member > >>> http://people.apache.org/~mdisabatino > >>> > >>> > >>> > >>> > >> > >
