Hi,
please find my replies embedded below.
Regards.
On 08/12/18 23:29, Ciusso Hb wrote:
Hi all, this is my first message and I've got a bunch of questions.
Apache Syncope looks really good and it's my plan to use it to manage
users of various branches of the same organization.
I don't need different Domains (that I see like "tenant", is this
correct?), but I would like to be able to logically "segregate" users.
To achieve that my idea is to use Realms, is this a good choice?
It depends on what you mean by "segregate": at which level you would
like to separate users? With domains [1] you will end up in storing user
entries onto different tables in different databases; without them,
users will go anyway onto the same table.
Realms [2] are meant for simplifying the definition of delegated
administration [3].
The number of branches will be 50k, 1 to 10 users each.
It will be possible the need to have "sub-branches" (max 2 levels).
The number of Realms can be a problem?
No.
The number of users can be a problem?
50k * 10 = 500k users; not an issue, especially if you plan to use
Syncope with PostgreSQL JSONB [4].
The use of many Realms can make performance worse?
I don't think so: there should be enough indexes in the db to support
such configuraiton.
A user from a Realm can see all users from all the Realms?
If by "a user" you mean "a delegated administrator", the answer is no,
there are hierarchy rules (on purpose, as you can read from [3]) to
restrict such scope.
[1] http://syncope.apache.org/docs/2.1/reference-guide.html#domains
[2] http://syncope.apache.org/docs/2.1/reference-guide.html#realms
[3]
http://syncope.apache.org/docs/2.1/reference-guide.html#delegated-administration
[4] http://blog.tirasa.net/benchmarking-apache-syncope-on-postgresql.html
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
