You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@syncope.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2017/07/10 16:36:00 UTC

[jira] [Commented] (SYNCOPE-1143) Fine-grained administration rights for Connector and Resources

    [ https://issues.apache.org/jira/browse/SYNCOPE-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16080615#comment-16080615 ] 

ASF subversion and git services commented on SYNCOPE-1143:
----------------------------------------------------------

Commit b5d6dc4aab3026374ff263a90d76b802a823173e in syncope's branch refs/heads/2_0_X from [~ilgrosso]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=b5d6dc4 ]

[SYNCOPE-1143] Now connector instances require an admin realm, which is used to enforce access control on it for administrative purposes


> Fine-grained administration rights for Connector and Resources
> --------------------------------------------------------------
>
>                 Key: SYNCOPE-1143
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1143
>             Project: Syncope
>          Issue Type: Improvement
>          Components: common, console, core
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>             Fix For: 2.0.5, 2.1.0
>
>
> The current delegated administration model defines coarse-grained entitlements when it comes to Connectors and Resources: either an administrator can manage all connectors and / or all resources, or cannot.
> By associating Connectors (and Resources, by consequence) to Realms, it is possible to grant entitlements (via Roles) to a given subset of all available Connector and Resources, e.g. the ones associated to specific Realm(s).
> Samples:
>  * if a Connector has the Realm {{/a/b/c}} assigned, then it would be manageable by users owning the {{CONNECTOR_UPDATE}} on Realm {{/a/b/c}} (or one of its parents)
>  * if a Resource is related to a Connector with the Realm {{/a/b/c}} assigned, then it would be manageable by users owning the {{RESOURCE_UPDATE}} on Realm {{/a/b/c}} (or one of its parents)



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)