I want to be able to use some delegation mechanism so that orgA can create its own roles and orgB as well.
So for every role that will be added by some user from orgA or orgB, my role_read user will have to add that role to its entitlements?

Incidentally, there's something strange. I can call /rest/role/list.json without being authenticated to core (which is handy in my case but probably isn't what you want).

Bob

2012/4/4 Francesco Chicchiriccò <[email protected]>:
>
> If I understood correctly, you want to give to a "plain" admin user - i.e.
> not the default admin user - the ability to read some roles, actually the
> roles owned by other users.
>
> You need to give to such "plain" admin user the ROLE_READ entitlement (for
> this you will need to give this entitlement to one of roles owned by the
> plain admin user).
> At this point, this plain admin user will be able to read all roles for
> which he owns a ROLE_XXX entitlement.
>
> Does it sound?
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Apache Cocoon PMC and Apache Syncope PPMC Member
> http://people.apache.org/~ilgrosso/
>
