On 25/09/20 11:48, te...@net-c.com wrote: > Hi all, > > I'm actually trying to setup a simple apache syncope environment with > hierarchy realms tree. > > I use groups in each realm in order to manages roles. Then I would be able, > using group membership, to apply the right privileges easily for each realm > specifically. > > I created a bunch of users in root realm thinking that it would be possible > to set them in groups of different sub-realm. But no way to see the realms > group when I try give them membership. > > For exemple, I have two branches like : /A/B1 and /A/B2 > For each of these realms, I have a group "Support" > I would like my user j...@doe.com to be the support guy of both realm (of > course applying for those member of the group a bunch of entitlements, roles, > etc. for the realm) > How ? I thought first that to create the user in /A or in / would be > enough... but nope, I cannot create membership for sub-real m on user panel. > > The question is, is it possible for a User in realm / to be member of groups > in /sub-realms ? > > Indeed, I see that a user in /A/B/C can be part of any group of parent realms > (And this is written this way in the doc). I'am a bit confused, maybe > thinking too much in an "ldap" way... but as /A/B belongs to /A which belongs > to / I would think the opposite way (A user can belong to any sub-realm > group). > > Do you an an Idea of how should I do this kind of scenario ? Hi, you might want to have a look at
http://syncope.apache.org/docs/2.1/reference-guide.html#realms More specifically: A User or an Any Object can be members of Groups in the same realm or in one of the parent realms. Hope this clarifies. Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/