You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Ate Douma (JIRA)" <je...@portals.apache.org> on 2008/08/29 12:04:44 UTC
[jira] Assigned: (JS2-873) Simplified parent-child relationship
model for Roles and Groups
[ https://issues.apache.org/jira/browse/JS2-873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma reassigned JS2-873:
-----------------------------
Assignee: Ate Douma
> Simplified parent-child relationship model for Roles and Groups
> ---------------------------------------------------------------
>
> Key: JS2-873
> URL: https://issues.apache.org/jira/browse/JS2-873
> Project: Jetspeed 2
> Issue Type: New Feature
> Components: Admin Portlets, Security
> Affects Versions: 2.2
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2
>
> Original Estimate: 120h
> Remaining Estimate: 120h
>
> The current Jetspeed security role/group model *technically* supports a hierarchical relationship.
> In practice though, this isn't used really, nor do the j2-admin portlets support it through the UI.
> Furthermore, the hierarchical relationship is based on a specific (preferences) hierarchy naming which really doesn't fit well (better said: not at all) with a backend like LDAP.
> The current model simply cannot be used with LDAP for using role-group relationships.
> A typical use-case requiring a more simple and straighforward solution:
> - defining organisation divisions and subdivisions as groups and defining a parent-child relationship between them
> - a user belonging to a division group then also belongs to any subdivision group of that division
> - the same goes for roles, the user could automatically inherit the roles assigned to the subdivision group.
> As AFAIK the hierarchical relationship model isn't used at all right now, this issue will resolve its complexity and limitation by replacing it with "flat" parent-child relationships:
> - only support non-hierarchical groups and roles
> - allow a group or role needs to be defined as child of another group or role
> - just need a security-role-role and security-group-group table (and corresponding LDAP mapping)
> - check/enforce no circular references can be created
> - adding UI support for this will be rather easy: we already have support for the group-role relationships, this is just more of the same
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org