You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Ciusso Hb <ci...@gmail.com> on 2019/01/04 14:38:51 UTC
User creation delegation on Realms
Hi, I think I'm missing a point (one of many :)) on users creation
delegation under specific realm.
I need to grant users creation to admin, only on Realm in which the admin
reside.
To do this, do I need to create a specific role for every realm?
If I have a lot of Realms (50k) can this be a problem?
thanks
best regards
Re: User creation delegation on Realms
Posted by Ciusso Hb <ci...@gmail.com>.
Hi Francesco, thank you very much for your answers.
You're right, we've discussed on realms in that thread, but at that time I
was not completely informed about the logic to assign permissions.
Actually, I could have gone on with questions in that thread...
Best regards
On Sat, Jan 5, 2019 at 12:34 PM Francesco Chicchiriccò <il...@apache.org>
wrote:
> On 2019-01-04 15:38 Ciusso Hb wrote:
>
> > Hi, I think I'm missing a point (one of many :)) on users creation
> > delegation under specific realm.
> >
> > I need to grant users creation to admin, only on Realm in which the
> > admin reside.
> > To do this, do I need to create a specific role for every realm?
> > If I have a lot of Realms (50k) can this be a problem?
>
> Hi,
> I think we already discussed this point [1], no?
>
> The delegated administration model works with Roles, which are granted
> to users (thus becoming admins), with purpose of administering other
> users, groups and any objects, which are indicated as belonging to one
> or more realms (and descendants).
>
> > do I need to create a specific role for every realm?
>
> Yes.
>
> > If I have a lot of Realms (50k) can this be a problem?
>
> Well, it should not, but I am not aware of any deployment with so many
> realms: I guess you need to model a huge organization...
>
> Regards.
>
> [1]
>
> http://syncope-user.1051894.n5.nabble.com/Apache-Syncope-Max-Num-of-Realms-td5710118.html
> [2]
>
> http://syncope.apache.org/docs/2.1/reference-guide.html#delegated-administration
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
Re: User creation delegation on Realms
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 2019-01-04 15:38 Ciusso Hb wrote:
> Hi, I think I'm missing a point (one of many :)) on users creation
> delegation under specific realm.
>
> I need to grant users creation to admin, only on Realm in which the
> admin reside.
> To do this, do I need to create a specific role for every realm?
> If I have a lot of Realms (50k) can this be a problem?
Hi,
I think we already discussed this point [1], no?
The delegated administration model works with Roles, which are granted
to users (thus becoming admins), with purpose of administering other
users, groups and any objects, which are indicated as belonging to one
or more realms (and descendants).
> do I need to create a specific role for every realm?
Yes.
> If I have a lot of Realms (50k) can this be a problem?
Well, it should not, but I am not aware of any deployment with so many
realms: I guess you need to model a huge organization...
Regards.
[1]
http://syncope-user.1051894.n5.nabble.com/Apache-Syncope-Max-Num-of-Realms-td5710118.html
[2]
http://syncope.apache.org/docs/2.1/reference-guide.html#delegated-administration
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/