Hi everyone, I'm currently taking a look at the inner data model of Syncope, and what we can do with it.

So far I understood the way to extend user attributes, the difference
between plain/derived/virtual attributes, resources mappings, Syncope
entitlements, password policies etc.

When it comes to roles, there are a few questions I couldn't answer while
reading the wiki:

- What is the purpose of the role tree? Is it only for tidy
  presentation purposes? Or is there a feature behind it, like scoping admin
  rights on sub-parts of the roles set?
- Can we create role inclusions? Like giving role A to a user also
  gives the user roles S and T?
- Can we specify parameters or some kind of attribute on a role in order
  to specialize it?
  - As an example, can I have a unique "Buyer" role, with a parameter
    that sets his max $amount and another that sets his geographic area?
  - Then I would like to have actions based on those parameters:
    - geographic areas may have different ADs/LDAP so I'd like to
      provision different resources regarding the geographic parameter
    - max $amount would also be useful to give different entitlements
      in the resource (LDAP groups for example)
- Are the owner fields of a role attached to Syncope entitlements in a
  way? The owners can update/delete the role? I couldn't test that case as
  Syncope crashes when my owner tries to read the role (see attached file
  "Alert: Error while contacting Syncope core"). Error in logs:

  org.apache.catalina.core.StandardWrapperValve invoke SEVERE:
  Servlet.service() for servlet [syncope-core-rest] in context with path
  [/syncope] threw exception [Request processing failed; nested exception is
  org.apache.syncope.core.rest.controller.UnauthorizedRoleException: Missing
  entitlement for role(s) [1]] with root cause
  org.apache.syncope.core.rest.controller.UnauthorizedRoleException:
  Missing entitlement for role(s) [1]

--
Salim BOULKOUR
<<attachment: Capture.PNG>>
