Hi Matthieu,
sorry for the delay, we are just in the middle of the next release
(1.5.1 is due very soon), so we have very few CPU cycle to process your
mail.
Please feel free to ping us again if you get no answer in the next few
days !
Emmanuel
metcox a écrit :
Hi,
In my application I use Apache directory Server - but the application
should be pluggable with any other directory - and the triplesec api
to manage authentication and authorization.
With this combination I can add a grant to a role without having to
define the related permission.
I know it's not possible with a full triplesec solution but it's
something I'm looking for because I need to add dynamic grants. It
means an application admin (or a user which is able to add grants to
another user) could build a grant.
For instance:
"viewjob JOB" - the user is able to see the job JOB
"viewjob *" - the user is able to see all the jobs
or more complicated "viewjob *[status='SUCCESS']" - view all the job
with success status.
So this kind of permission can't already exist, or be created on the
fly without a complex permission management:
- if the permission don't already exist -> create a new one
- if the grant is removed -> delete the permission or another user
have this permission?
- if the grant is rename -> remove the permission and create a new
one, or just rename the permission?
So my questions are:
- Is it possible to use triplesec api (guardian and admin) without
using the triplesec server. For instance, can I use the guardian api
with a OpenLdap server?
- is it possible to add grants to a role (or a profile) without having
to define a related permission?
Regards,
Mathieu
