You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by "Ate Douma (JIRA)" <je...@portals.apache.org> on 2008/08/29 12:04:44 UTC

[jira] Assigned: (JS2-873) Simplified parent-child relationship model for Roles and Groups

     [ https://issues.apache.org/jira/browse/JS2-873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ate Douma reassigned JS2-873:
-----------------------------

    Assignee: Ate Douma

> Simplified parent-child relationship model for Roles and Groups
> ---------------------------------------------------------------
>
>                 Key: JS2-873
>                 URL: https://issues.apache.org/jira/browse/JS2-873
>             Project: Jetspeed 2
>          Issue Type: New Feature
>          Components: Admin Portlets, Security
>    Affects Versions: 2.2
>            Reporter: Ate Douma
>            Assignee: Ate Douma
>             Fix For: 2.2
>
>   Original Estimate: 120h
>  Remaining Estimate: 120h
>
> The current Jetspeed security role/group model *technically* supports a hierarchical relationship.
> In practice though, this isn't used really, nor do the j2-admin portlets support it through the UI.
> Furthermore, the hierarchical relationship is based on a specific (preferences) hierarchy naming which really doesn't fit well (better said: not at all) with a backend like LDAP.
> The current model simply cannot be used with LDAP for using role-group relationships.
> A typical use-case requiring a more simple and straighforward solution:
> - defining organisation divisions and subdivisions as groups and defining a parent-child relationship between them
> - a user belonging to a division group then also belongs to any subdivision group of that division
> - the same goes for roles, the user could automatically inherit the roles assigned to the subdivision group. 
> As AFAIK the hierarchical relationship model isn't used at all right now, this issue will resolve its complexity and limitation by replacing it with "flat" parent-child relationships:
> - only support non-hierarchical groups and roles
> - allow a group or role needs to be defined as child of another group or role
> - just need a security-role-role and security-group-group table (and corresponding LDAP mapping)
> - check/enforce no circular references can be created
> - adding UI support for this will be rather easy: we already have support for the group-role relationships, this is just more of the same

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org