On 07/02/2017 11:55, Colm O hEigeartaigh wrote:
Hi Francesco,
On Mon, Feb 6, 2017 at 10:31 AM, Francesco Chicchiriccò
<[email protected] <mailto:[email protected]>> wrote:
- OR create a condition "User U is dynamically assigned
CustomRole R because he is member of Group G”. I don’t find
the way how to define this condition in Syncope.
Only group memberships and role assignments can be static or dynamic.
Would it be possible to make this more flexible without changing a lot
of code? If a user can have a UserCustomRole relationship to a
CustomRole, then if the user is a member of group G then the
relationship is dynamically defined between the user and CustomRole.
It seems like a useful thing to be able to do to me or is there a
technical reason why it can't be done?
So, you're essentially proposing to add the possibility to specify
relationships between Groups and Any Objects (at the moment, only Users
/ Any Objects and Any Objects / Any Objects).
The semantic should be that if group G has relationship R with Any
Object A, all users and any objects in G will have such relationship with A.
It is indeed feasible, but it will require some modifications in the
data model, JPA implementation, data binder and finally admin console.
Something not trivial but definitely doable.
Moreover, since it involves modifications in the database structure, I
would see it for 2.1.0 at earliest.
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
