Thanks. This scenario works. On Thu, May 28, 2015 at 4:23 PM, Francesco Chicchiriccò <[email protected] > wrote:
> On 28/05/2015 08:17, Suresh wrote: > >> hi, >> >> 1. User creates his profile through self-registration >> 2. His parent manager approves and assigns resource and role id having >> entitlements to user_create and user_update. >> 3. User logs in, He is able to view all other users in the org as well as >> he is able to update all the users. >> >> I need something that user should be able to view profile of all user but >> should be able to update only his profile. >> > > Hi, > you should avoid assigning USER_CREATE and USER_UPDATE to such users, > then. Even with no entitlements at all, users are able to manage own data > by clicking on the username on the top right corner. > > The current authorization model is summarized in [1] and will be valid > until Syncope 2.0.0 is out, which will completely re-factor this aspect, as > described in [2]. > > HTH > Regards. > > [1] > https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization > [2] > https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Realms > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo PMC > http://people.apache.org/~ilgrosso/ > >
