Thank you again Lenny, I am actually familiar with that documentation; however, I seem not to have understood it in full:
- since I use AD I don't think I can use permission based authorisation, is that correct?
- in the result I am stuck with role based authorisation, right?

This led me to my assumption that I would need 120 organisation units in AD to express 2 x 5 x 20 application roles. Hence my pursuit of how to configure this mapping efficiently inside the shiro.ini.

What am I missing, please?

Warm regards
Andreas
