Hi,
there is a nice feature in Syncope that you can include some extra
parameters to user -- role connection. This can be achieved by
adding new attributes to Membership schema. However you can not
connect a single user twice to the same role using two parallel
memberships with different membership arguments. This could be used
for example to describe the situation that a student u1 has a
Student role in two faculties F1 and F2:
membership(user: u1, role: Student, OU: F1, start: 1.1.2013, end:
31.12.2013)
membership(user: u1, role: student, OU: F2, start: 1.1.2013, end:
31.12.2014)
Could you change the system to allow this kind of parallel role
connections? Or is there something we can do?
Hi,
you are right, membership is unique, for each (user, role) pair.
In your scenario, I'd suggest to just model each Faculty as a
separate role, possibly with a common parent role.
Actually this is just the way we absolutely want to avoid. The result
would be cartesian product of roles and OUs
(https://wiki.evolveum.com/display/midPoint/Role+Explosion) and would
lead to hundreds or even thousands of roles. Your role design is so
near to a nice way to do it! Any possibiliest to redesign the model?
Regards,
Timo
