You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Bob Lannoy <bo...@gmail.com> on 2012/03/26 16:56:32 UTC
Delegation & console
Hi,
I've been testing Syncope and I'm interested in the delegation
mechanism as described in
https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization.
Suppose I have a role structure as follows:
root
- org1 (role_10)
-- user (role_12)
-- admin (role_11)
- org2
-- user
--admin
If I assign
role_11 = user_list/view/create/delete/update/create & role_10 & role_12
I would expect that a user in role_11 would be able to create a user.
Through the console however that user cannot create users.
Is this something that has to be done through the rest-interface directly?
regards
Bob
Re: Delegation & console
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 26/03/2012 16:56, Bob Lannoy wrote:
> Hi,
>
> I've been testing Syncope and I'm interested in the delegation
> mechanism as described in
> https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization.
>
> Suppose I have a role structure as follows:
> root
> - org1 (role_10)
> -- user (role_12)
> -- admin (role_11)
> - org2
> -- user
> --admin
>
> If I assign
> role_11 = user_list/view/create/delete/update/create & role_10 & role_12
>
> I would expect that a user in role_11 would be able to create a user.
> Through the console however that user cannot create users.
> Is this something that has to be done through the rest-interface directly?
Hi Bob,
your assumption is right: it seems that you've found a bug :-)
I have created an issue for this [1].
Thanks for reporting.
Regards.
[1] https://issues.apache.org/jira/browse/SYNCOPE-48
--
Francesco Chicchiriccò
Apache Cocoon PMC and Apache Syncope PPMC Member
http://people.apache.org/~ilgrosso/