Hi Ed, Shiro doesn't currently have the concept of Groups at the moment - they're all 'roles' as far as Shiro is concerned.
I personally wouldn't model this as a permission - that could get crazy I think. Your latter approach would probably make more sense. In fact, this reminds me of a modeling conundrum I've been contemplating ad nauseum - I'll fire up a separate thread since it's not really related to your question. HTH, Les On Thu, May 5, 2011 at 3:45 PM, Ed Anuff <[email protected]> wrote: > We've been migrating to Shiro and I'm wondering about the best way to > implement group-specific roles in Shiro. In our system, groups are > primarily organizational (think a team or club) so are distinct from > roles. There are group-specific admin roles and groups can > arbitrarily create their own roles that aren't shared with any other > group. Would these types of roles be better implemented as > permissions ("groups:admin-role:group-id") or as a role with a naming > convention such as "group-id:admin". My sense is that latter is more > appropriate, but didn't want to go against the grain of Shiro.
