Il giorno 19/apr/2012, alle ore 11.20, Bob Lannoy ha scritto: > Hi guys, > > this is something I would like to have. A "normal user" that can only > create users and assign roles to them doesn't need to see all the tabs > like "derived attributes", "virtual attributes", resources, ... > Maybe this could be mapped to "UI-entitlements". > A simplified console as you like.
That's right but I wouldn't use entitlements; I'd prefer an approach template oriented like userTemplates defined for synchronization tasks. > I would even go as far as limiting the roles a such a user can see. > Something like a scope or base (show roles underneath role_XX) . But > this is probably something very specific to my use of Syncope since I > would like to have several organisations in a role tree. By using a good template we should be able to apply a restriction on: * roles * resources * memberships and membership attributes (normal, derived and virtual) * user attributes * user derived attributes * user virtual attributes > As I understand it, for the moment I would have to make a custom > UserModalPage to handle this. > Can someone give me an example how I do this with the maven overlay? You have to perform the following steps: * create the project [1] * add your new UserModalPage using the same package (may be editing a copy of the original class) * add your UserModalPage.html and UserModalPage[_it | _nl | _de].properties * build and deploy [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Create+a+new+Syncope+project Regards, F. > On 19 April 2012 10:50, Fabio Martelli <[email protected]> wrote: >> >> Il giorno 19/apr/2012, alle ore 10.12, Marco Di Sabatino Di Diodoro ha >> scritto: >> >>> Suggest: >>> >>> Possibility to specify a custom user form with a set of attributes for the >>> members of an role. >>> The user assigned the role will use this user form when creating or editing >>> users. A user form assigned through a role overrides the default user form >>> of Apache Syncope. >> >> You are suggesting to add something to restrict user information to be >> managed by a certain administrator, right? >> >> In this way you can say that an user, delegated to manage users under >> certain conditions (by adding roles to admin and users), can manage >> attributes, resources, roles and so on in respect of what specified by a >> certain template provided by the core. >> The UserModalPage of the administration console should become more >> parametric than now by showing only the fields specified by the core (if >> template is provided). >> >> This shouldn't be a second level of security but just a presentation issue, >> right? >> >> Regards, >> F. >> >>> >>> WDYT? >>> >>> Marco >>> -- >>> >>> Dott. Marco Di Sabatino Di Diodoro >>> Tel. +39 3939065570 >>> >>> Tirasa S.r.l. >>> Viale D'Annunzio 267 - 65127 Pescara >>> Tel +39 0859116307 / FAX +39 0859111173 >>> http://www.tirasa.net >>> >>> Apache Syncope PPMC Member >>> http://people.apache.org/~mdisabatino >>> >>> >>> >>> >>
