I also faced this problem before. A common solution is to prefix the roles with the application name like: mail_admin, web_admin or similar.
Are there other solutions/best practices to the problem that the roles often depend on the application or realm? Christian 2013/4/29 Oliver Wulff <[email protected]> > Hi there > > > > In our environment each application has its own roles assigned. Which > means you might have the ADMIN role for application A but not for > application B. Does Syncope already support this functionality? Or might it > be supported in the future? > > > > To map this to LDAP, global (application/realm independent) roles could be > defined in the entry "ou=groups" whereas application specific roles are > defined in the entry "ou=<application id>,ou=groups,...". > > > > What do you think? > > > > Thanks > > Oli >
