You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Shawn McKinney (JIRA)" <ji...@apache.org> on 2018/08/23 15:19:00 UTC

[jira] [Commented] (FC-239) Some additional methods to manage role constraints.

    [ https://issues.apache.org/jira/browse/FC-239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16590371#comment-16590371 ] 

Shawn McKinney commented on FC-239:
-----------------------------------

{color:#000000}Adding RoleConstraint type USER:{color}

{color:#000000}   public enum RCType{color}
{color:#000000}   {{color}
{color:#000000}       FILTER,{color}
{color:#000000}       USER,  <— this is new{color}
{color:#000000}       OTHER{color}
{color:#000000}   }{color}

{color:#000000}Which will piggyback on the existing entity, repurposing some of its fields:{color}
{color:#000000}String id;        <— not used, left blank{color}
{color:#000000}RCType type       <- ‘USER'{color}
{color:#000000}String value      <- contains the attribute’s value{color}
{color:#000000}String paSetName; <- contains the attribute’s (key) name{color}

{color:#000000}Here is sample of RAW data, as it will be stored in the ftRC LDAP attribute:{color}
{color:#000000}washers$type$USER$locale$north${color}
{color:#000000}washers$type$USER$locale$south${color}

{color:#000000}In this case, the user, has two roleconstraints placed on their role assignment to ‘washers’.  As can be seen, it uses a delimiter for each attr.  But nothing has changed to the overall format of the field.  Only the semantics of what the fields are used for.{color}

> Some additional methods to manage role constraints.
> ---------------------------------------------------
>
>                 Key: FC-239
>                 URL: https://issues.apache.org/jira/browse/FC-239
>             Project: FORTRESS
>          Issue Type: Improvement
>    Affects Versions: 2.0.1
>            Reporter: Shawn McKinney
>            Assignee: Shawn McKinney
>            Priority: Major
>             Fix For: 2.0.2
>
>
> Now that Fortress supports attributes within the activation phase, convenience methods are needed to reduce complexity managing the attributes.
>  
> AdminMgr
> 1. assignUser ( User, Role , Constraint )
> 2. deassignUser ( User, Role, Constraint )
> ReviewMgr
> 3. List<UserRole> getRoleConstraints( User, Role, Constraint )
> AccessMgr
> 4. applyConstraint ( Session, Constraint )
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)