On 28/05/2015 08:17, Suresh wrote:
> Hi,
> 1. User creates his profile through self-registration.
> 2. His parent manager approves and assigns resource and role id having
> entitlements to user_create and user_update.
> 3. User logs in. He is able to view all other users in the org, as well
> as being able to update all the users.
> I need something so that a user is able to view the profiles of all users
> but is able to update only his own profile.
Hi,
You should avoid assigning USER_CREATE and USER_UPDATE to such users,
then. Even with no entitlements at all, users are able to manage their own
data by clicking on the username in the top right corner.
The current authorization model is summarized in [1] and will be valid
until Syncope 2.0.0 is out, which will completely re-factor this aspect,
as described in [2].
HTH
Regards.
[1] https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization
[2] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Realms
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/