[
https://issues.apache.org/jira/browse/JS2-873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ate Douma resolved JS2-873.
---------------------------
Resolution: Fixed
The brand new portal trunk (copied over from the security-refactoring branch)
now provides a new and (extremely) flexible, extendable and pluggable Principal
Associations solution
which provides all the features described, and then some :)
> Simplified parent-child relationship model for Roles and Groups
> ---------------------------------------------------------------
>
> Key: JS2-873
> URL: https://issues.apache.org/jira/browse/JS2-873
> Project: Jetspeed 2
> Issue Type: New Feature
> Components: Admin Portlets, Security
> Affects Versions: 2.2
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2
>
> Original Estimate: 120h
> Remaining Estimate: 120h
>
> The current Jetspeed security role/group model *technically* supports a
> hierarchical relationship.
> In practice though, this isn't used really, nor do the j2-admin portlets
> support it through the UI.
> Furthermore, the hierarchical relationship is based on a specific
> (preferences) hierarchy naming which really doesn't fit well (better said:
> not at all) with a backend like LDAP.
> The current model simply cannot be used with LDAP for using role-group
> relationships.
> A typical use-case requiring a more simple and straighforward solution:
> - defining organisation divisions and subdivisions as groups and defining a
> parent-child relationship between them
> - a user belonging to a division group then also belongs to any subdivision
> group of that division
> - the same goes for roles, the user could automatically inherit the roles
> assigned to the subdivision group.
> As AFAIK the hierarchical relationship model isn't used at all right now,
> this issue will resolve its complexity and limitation by replacing it with
> "flat" parent-child relationships:
> - only support non-hierarchical groups and roles
> - allow a group or role needs to be defined as child of another group or role
> - just need a security-role-role and security-group-group table (and
> corresponding LDAP mapping)
> - check/enforce no circular references can be created
> - adding UI support for this will be rather easy: we already have support for
> the group-role relationships, this is just more of the same
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
