You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/05/11 07:38:00 UTC
[jira] [Commented] (SYNCOPE-1630) Use Group owners to extend
Delegated Administration
[ https://issues.apache.org/jira/browse/SYNCOPE-1630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17342377#comment-17342377 ]
ASF subversion and git services commented on SYNCOPE-1630:
----------------------------------------------------------
Commit bdeeac98bddfc264a5c0a4576b4f8bab0ffa015f in syncope's branch refs/heads/2_1_X from Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=bdeeac9 ]
[SYNCOPE-1630] (1) centralize security checks in DAOs (2) improve JPAAnySearchDAO and (3) adjust Console
> Use Group owners to extend Delegated Administration
> ---------------------------------------------------
>
> Key: SYNCOPE-1630
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1630
> Project: Syncope
> Issue Type: Improvement
> Components: core, documentation
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Fix For: 2.1.10, 3.0.0
>
>
> Currently, [Delegated Aministration|http://syncope.apache.org/docs/2.1/reference-guide.html#delegated-administration] is based on Realms and Dynamic Realms.
> The former is quite static but widely used; the latter is extremely flexible but not used in any deployment, in practice, because it quickly becomes slow with real numbers.
> An idea is to put in place some form of group-based authorization model: user A is allowed to administer user B if (a) B is member of group G (b) A is owner of G.
> One advantage of such approach is that no changes in persistence would be needed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)