Hi Francesco, thank you very much for your answers. You're right, we've discussed on realms in that thread, but at that time I was not completely informed about the logic to assign permissions. Actually, I could have gone on with questions in that thread...
Best regards On Sat, Jan 5, 2019 at 12:34 PM Francesco Chicchiriccò <[email protected]> wrote: > On 2019-01-04 15:38 Ciusso Hb wrote: > > > Hi, I think I'm missing a point (one of many :)) on users creation > > delegation under specific realm. > > > > I need to grant users creation to admin, only on Realm in which the > > admin reside. > > To do this, do I need to create a specific role for every realm? > > If I have a lot of Realms (50k) can this be a problem? > > Hi, > I think we already discussed this point [1], no? > > The delegated administration model works with Roles, which are granted > to users (thus becoming admins), with purpose of administering other > users, groups and any objects, which are indicated as belonging to one > or more realms (and descendants). > > > do I need to create a specific role for every realm? > > Yes. > > > If I have a lot of Realms (50k) can this be a problem? > > Well, it should not, but I am not aware of any deployment with so many > realms: I guess you need to model a huge organization... > > Regards. > > [1] > > http://syncope-user.1051894.n5.nabble.com/Apache-Syncope-Max-Num-of-Realms-td5710118.html > [2] > > http://syncope.apache.org/docs/2.1/reference-guide.html#delegated-administration > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ >
