I am looking good user/org provisioning system along with ability to manage entitlement(permissions). I am trying to see how Syncope can be used for provisioning etc. requirements 1. The app is in python and node.js requires different roles such as user, agent, manager etc. 2. each user is assigned an agent(a different user in system with agent role) for a certain duration. An agent may be changed for for a given user from time to time. agent assignment is done by manager (another user with manager role). e.g user1 may have agent1 from time t0 to t1 and agent2 from time t1 to t2 etc. 3. Fine grained permissions (entitilements) are required a.g agent can perform a buy operations for the users he is assigned, but no sell operation for any user. Also he is allowed to read all the transactions of all users irrespective of his assigned users. 4. An operation can be backdated e.g in above example for given date between t0 to t1 only agent1 should be allowed to perform buy operation for user1 and when given date is between t1 to t2 agent2 should be allowed 5. external keycloak sso server will be used for authentication (was able to setup and check this works). However need way to pull all the users of keycloak into syncope with a job/background 6. The apps(python/node.js) can make rest calls to syncope to get effective permissions to see given agent if he has permission for given user for given date etc. 7. need an ability to audit and find who was the agent for a given user and its trails How can I make use of Syncope for provisioning, organization creation, and finding permissions/entitlements of given agent/manager/user with respect to other user
Regards,Suresh
