[
https://issues.apache.org/jira/browse/FC-144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15392268#comment-15392268
]
Shawn McKinney commented on FC-144:
-----------------------------------
Kseniya,
Would it be possible that this API works as well?
Session createSession (Role role);
The assumption being made here is that it is actually a role being passed down
and not a group. This role could then be part of a role hierachy which
inherits from other roles.
> Ability to assign groups to roles
> ---------------------------------
>
> Key: FC-144
> URL: https://issues.apache.org/jira/browse/FC-144
> Project: FORTRESS
> Issue Type: Improvement
> Affects Versions: 1.0.0-RC40
> Reporter: Florin Stingaciu
>
> We are currently working on performing an integration between Openstack
> Keystone and Fortress Core. We will use Fortress as the authorization backend
> for the rest of Openstack. We have managed to map most of the current
> functionality in Openstack within the Fortress schema except for the ability
> to assign roles to a group.
> I've spoken with [~smckinney], and he determined this improvement is a
> feasible addition to Fortress's feature set. After a number of back and
> forths, we have come up with the following requirements as API additions:
> * Session createSession (Group group, boolean isTrusted);
> * void assignGroup ( Group group, Role role );
> * List<Group> roleGroups ( Role role );
> * List<Role> groupRoles ( Group group );
> * the ability to use the above session with checkAccess(Session session,
> Permission perm)
> We also discussed temporal constrains for group to role assignment. Temporal
> constrains will not be utilized as this functionality has not been defined in
> Openstack.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
