You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@syncope.apache.org by Manfredo Hopp <mh...@gmail.com> on 2014/11/19 21:39:57 UTC

role mapping resources

Hello, is it possible to map roles with a resource?

Thanks

Re: role mapping resources

Posted by Francesco Chicchiriccò <il...@apache.org>.

On 21/11/2014 17:15, Manfredo Hopp wrote:
> My case is your point 2 with possibly scripted SQL, how is group 
> provisioning implemented/expected in that case?

Group provisioning works very similarly to user provisioning: create a 
resource, define a suitable role mapping for that resource and, when you 
assign such resource to a role, this role will be propagated as a group 
in the external resource.

Then it comes to the connector for external resource: I am familiar with 
Active Directory and LDAP (for which Syncope also provides some helper 
classes for keeping membership and password management), but not very 
much with the Scripted SQL connector [1]: AFAICT that connector just 
gives you the possibility to write groovy scripts that will be invoked 
for each operation (create / update / delete / ...).

Marco, can you provide some examples of such scripts? It seems to me 
that the Scripted SQL connector is also capable of handling __GROP__ 
objectclass (for role provisioning) besides __ACCOUNT__ (for user 
provisioning): am I right?

Regards.

[1] https://connid.atlassian.net/wiki/display/BASE/Scripted+SQL

> 2014-11-20 4:28 GMT-03:00 Francesco Chicchiriccò <ilgrosso@apache.org 
> <ma...@apache.org>>:
>
>     On 19/11/2014 21:39, Manfredo Hopp wrote:
>
>         Hello, is it possible to map roles with a resource?
>
>
>     Hi Manfredo,
>     please provide some further detail: with Syncope you can assign
>     external resource(s) to a role; this will
>
>      1. provision any user assigned to that role to the related
>     external resource(s) - if such resource(s) have user mapping defined
>      2. provision such role to the related external resource(s) - if
>     such resource(s) have role mapping defined and support group
>     provisioning (currently only Active Directory, LDAP and possibly
>     scripted SQL)
>      3. (only for LDAP & Active Directory) maintain Syncope membership
>     (e.g. Syncope user is assigned to Syncope role) to external
>     membership (e.g. LDAP user is in LDAP group)
>
>     HTH
>     Regards.
>
>
-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/

Re: role mapping resources

Posted by Manfredo Hopp <mh...@gmail.com>.

My case is your point 2 with possibly scripted SQL, how is group
provisioning implemented/expected in that case?

Regards

2014-11-20 4:28 GMT-03:00 Francesco Chicchiriccò <il...@apache.org>:

> On 19/11/2014 21:39, Manfredo Hopp wrote:
>
>> Hello, is it possible to map roles with a resource?
>>
>
> Hi Manfredo,
> please provide some further detail: with Syncope you can assign external
> resource(s) to a role; this will
>
>  1. provision any user assigned to that role to the related external
> resource(s) - if such resource(s) have user mapping defined
>  2. provision such role to the related external resource(s) - if such
> resource(s) have role mapping defined and support group provisioning
> (currently only Active Directory, LDAP and possibly scripted SQL)
>  3. (only for LDAP & Active Directory) maintain Syncope membership (e.g.
> Syncope user is assigned to Syncope role) to external membership (e.g. LDAP
> user is in LDAP group)
>
> HTH
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMC
> http://people.apache.org/~ilgrosso/
>
>

Re: role mapping resources

Posted by Francesco Chicchiriccò <il...@apache.org>.

On 19/11/2014 21:39, Manfredo Hopp wrote:
> Hello, is it possible to map roles with a resource?

Hi Manfredo,
please provide some further detail: with Syncope you can assign external 
resource(s) to a role; this will

  1. provision any user assigned to that role to the related external 
resource(s) - if such resource(s) have user mapping defined
  2. provision such role to the related external resource(s) - if such 
resource(s) have role mapping defined and support group provisioning 
(currently only Active Directory, LDAP and possibly scripted SQL)
  3. (only for LDAP & Active Directory) maintain Syncope membership 
(e.g. Syncope user is assigned to Syncope role) to external membership 
(e.g. LDAP user is in LDAP group)

HTH
Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/