On 26/04/2018 23:06, Alexander Tsvetkov wrote:
Hi all,
In our syncope application we have a lot of OrgUnits (Realms) and we
need to have a possibility to assign "OrgUnit Admin" role to some users.
As I understand I need to create "OrgUnit Admin" role for every
OrgUnit and for every role assign appropriate realm. BUT this doesn't
fit us as it lead to a big amount of roles in our system.
Is there any possibility to create one role "OrgUnit Admin" with some
permissions and assign it to user, so that all permissions from this
role will be applied only to OrgUnit to which belong the user?
Can “Dynamic USER Membership Conditions” or “Dynamic Realms” help with
this?
Hi,
I don't think you can do differently than creating as many Roles as the
Realms for which you need to grant delegated administration rights.
You say above that "this doesn't fit us as it lead to a big amount of
roles in our system": why "big amount"? It would be just the same number
of Realms, no?
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
