On 01/02/2017 22:13, Adrian Gonzalez wrote:
Hello Colm and Francesco,

Summarizing: while Roles currently have only Entitlements associated, in the
future we might also associate Privileges (which in turn are related to
Applications) to them. As a result, user U with role R will own both
Entitlements and Privileges.

> If "privilege" is not suitable as name, let's then rename the existing
> Entitlements to something else and use the word "entitlement" to model the new
> concept instead.

Would it make sense to have an association from Group to Roles also?


If yes, we would end with:
Role
   0..n entitlements
   0..n privileges
Group
   0..n roles
   0..n users
User
   0..n roles

I don't see the point in associating Groups to Roles: the former are both for Users and Any Objects, the latter only for Users.

Moreover, you can always define dynamic Group memberships based on Role assignment and vice-versa [1][2], e.g. User U is dynamically assigned role R because he is a member of Group G, or U is dynamically a member of G because he has R assigned.

Regards.

[1] https://syncope.apache.org/docs/reference-guide.html#memberships-relationships
[2] https://syncope.apache.org/docs/reference-guide.html#roles

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
