AnyType Role assignment to Groups

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

AnyType Role assignment to Groups

Sabina Mirauta
Hi Syncope users,

We need to store in Syncope roles for users and groups.
Since the Syncope roles are meant only for internal usage, I created an own AnyType CustomRole.
I have also defined a relationship UserCustomRole and for users I am able to create UserCustomRole relationships to CustomRoles.

For usability reasons we need to assign roles to groups, so that all users from a group have a role.
I don’t find another way to assign the CustomRole to a Group, than making the CustomRole a (static or dynamic) member of the group. I don’t like the role to be member of the group, members should be only the users.

Can someone tell me a simple and more natural way to 
- assign an AnyType CustomRole to a Group without making the CustomRole member of the group
- OR create a condition "User U is dynamically assigned CustomRole R because he is member of Group G”. I don’t find the way how to define this condition in Syncope.

Or maybe I can create and assign CustomRoles in Syncope in another way? Like without AnyTypes?

Detailed instructions would help me very much.

Thank you!

Sabina Mirauta

Reply | Threaded
Open this post in threaded view
|

Re: AnyType Role assignment to Groups

ilgrosso
Administrator
Hi Sabina,
my replies below.

Regards.

On 05/02/2017 22:29, Sabina Mirauta wrote:

> Hi Syncope users,
>
> We need to store in Syncope roles for users and groups.
> Since the Syncope roles are meant only for internal usage, I created
> an own AnyType CustomRole.
> I have also defined a relationship UserCustomRole and for users I am
> able to create UserCustomRole relationships to CustomRoles.
>
> For usability reasons we need to assign roles to groups, so that all
> users from a group have a role.
> I don’t find another way to assign the CustomRole to a Group, than
> making the CustomRole a (static or dynamic) member of the group. I
> don’t like the role to be member of the group, members should be only
> the users.

AnyType instances are given the possibility to me member of groups, as
much as users.

> Can someone tell me a simple and more natural way to
> - assign an AnyType CustomRole to a Group without making the
> CustomRole member of the group

No, at least without creating any extension to the data model.

> - OR create a condition "User U is dynamically assigned CustomRole R
> because he is member of Group G”. I don’t find the way how to define
> this condition in Syncope.

Only group memberships and role assignments can be static or dynamic.

> Or maybe I can create and assign CustomRoles in Syncope in another
> way? Like without AnyTypes?
>
> Detailed instructions would help me very much.
>
> Thank you!
>
> Sabina Mirauta

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Reply | Threaded
Open this post in threaded view
|

Re: AnyType Role assignment to Groups

Colm O hEigeartaigh
Hi Francesco,

On Mon, Feb 6, 2017 at 10:31 AM, Francesco Chicchiriccò <[hidden email]> wrote:


- OR create a condition "User U is dynamically assigned CustomRole R because he is member of Group G”. I don’t find the way how to define this condition in Syncope.

Only group memberships and role assignments can be static or dynamic.

Would it be possible to make this more flexible without changing a lot of code? If a user can have a UserCustomRole relationship to a CustomRole, then if the user is a member of group G then the relationship is dynamically defined between the user and CustomRole. It seems like a useful thing to be able to do to me or is there a technical reason why it can't be done?

Colm.

 


Or maybe I can create and assign CustomRoles in Syncope in another way? Like without AnyTypes?

Detailed instructions would help me very much.

Thank you!

Sabina Mirauta

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/




--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: AnyType Role assignment to Groups

ilgrosso
Administrator
On 07/02/2017 11:55, Colm O hEigeartaigh wrote:
Hi Francesco,

On Mon, Feb 6, 2017 at 10:31 AM, Francesco Chicchiriccò <[hidden email]> wrote:


- OR create a condition "User U is dynamically assigned CustomRole R because he is member of Group G”. I don’t find the way how to define this condition in Syncope.

Only group memberships and role assignments can be static or dynamic.

Would it be possible to make this more flexible without changing a lot of code? If a user can have a UserCustomRole relationship to a CustomRole, then if the user is a member of group G then the relationship is dynamically defined between the user and CustomRole. It seems like a useful thing to be able to do to me or is there a technical reason why it can't be done?

So, you're essentially proposing to add the possibility to specify relationships between Groups and Any Objects (at the moment, only Users / Any Objects and Any Objects / Any Objects).
The semantic should be that if group G has relationship R with Any Object A, all users and any objects in G will have such relationship with A.

It is indeed feasible, but it will require some modifications in the data model, JPA implementation, data binder and finally admin console.
Something not trivial but definitely doable.

Moreover, since it involves modifications in the database structure, I would see it for 2.1.0 at earliest.

Regards.
-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/