Hi Fabio,

> Further, you have the method verifyPassword provided by UserController that
> could be used to verify userid/password.
> This method, for security reasons, can be called only by a user with USER_READ
> capability.

Consider the use-case as mentioned by Bob, where you have a third party application which receives login credentials and wishes to authenticate the user, and retrieve the roles associated with that user for authorization. If the application logs on with the received username/password, then it is assuming that the given user has a USER_READ entitlement. IMO the application would log on with its own credentials, and wish to authenticate the given username/password via some kind of "authenticateUser" method as I mentioned before. Do you see a use-case for this kind of functionality or am I missing something?

> Actually users have only the roles explicitly assigned.

The question is whether it is possible to easily retrieve the hierarchy of roles for a particular user (or the authenticated user)?

Thanks,
Colm.
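The pattern discussed in this thread, sketched as an added example (not the project's code, and not Colm's): a service account holding USER_READ verifies a user's password on that user's behalf and gets back the user's effective roles, with the role hierarchy resolved transitively from the explicitly assigned roles. The store, role graph, and the `authenticate_user` / `effective_roles` names are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import deque

# Constructed role hierarchy: each role implies its parents (not the project's data).
ROLE_PARENTS = {"admin": {"editor"}, "editor": {"author"}, "author": {"reader"}, "reader": set()}

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _new_user(password, roles, caps):
    salt = os.urandom(16)
    return {"salt": salt, "pw": _hash(password, salt), "roles": set(roles), "caps": set(caps)}

# Constructed user store: only explicitly assigned roles and capabilities are recorded.
USERS = {
    "alice": _new_user("alice-pw", roles={"editor"}, caps=set()),
    "svc-portal": _new_user("svc-pw", roles=set(), caps={"USER_READ"}),  # third-party app
}
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = _hash("", _DUMMY_SALT)  # used so unknown users cost the same time as known ones

class AccessDenied(Exception):
    pass

def effective_roles(user: str) -> set:
    """Transitive closure of the user's explicitly assigned roles over ROLE_PARENTS."""
    seen, todo = set(), deque(USERS[user]["roles"])
    while todo:
        role = todo.popleft()
        if role in seen:
            continue  # tolerates cycles in a mis-configured hierarchy
        seen.add(role)
        todo.extend(ROLE_PARENTS.get(role, ()))
    return seen

def authenticate_user(caller: str, user: str, password: str):
    """Caller is the service principal; it must hold USER_READ, the user need not.
    Returns the user's effective roles on success, None on a bad user/password."""
    if "USER_READ" not in USERS.get(caller, {}).get("caps", ()):
        raise AccessDenied(f"{caller} lacks the USER_READ capability")
    record = USERS.get(user)
    salt = record["salt"] if record else _DUMMY_SALT
    expected = record["pw"] if record else _DUMMY_HASH
    ok = hmac.compare_digest(expected, _hash(password, salt))  # constant-time compare
    if record is None or not ok:
        return None
    return effective_roles(user)
```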
