On 2019-01-04 15:38 Ciusso Hb wrote:
Hi, I think I'm missing a point (one of many :)) on users creation
delegation under specific realm.
I need to grant users creation to admin, only on Realm in which the
admin reside.
To do this, do I need to create a specific role for every realm?
If I have a lot of Realms (50k) can this be a problem?
Hi,
I think we already discussed this point [1], no?
The delegated administration model works with Roles, which are granted
to users (thus becoming admins), with purpose of administering other
users, groups and any objects, which are indicated as belonging to one
or more realms (and descendants).
do I need to create a specific role for every realm?
Yes.
If I have a lot of Realms (50k) can this be a problem?
Well, it should not, but I am not aware of any deployment with so many
realms: I guess you need to model a huge organization...
Regards.
[1]
http://syncope-user.1051894.n5.nabble.com/Apache-Syncope-Max-Num-of-Realms-td5710118.html
[2]
http://syncope.apache.org/docs/2.1/reference-guide.html#delegated-administration
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
