You are most welcome! More comments below… I think you need dynamic configuration with dynamic permissioning, and a custom realm. See realm guide on how to do that.
> On Sep 7, 2024, at 12:54 PM, Andreas Reichel <[email protected]> > wrote: > > Thank you again Lenny, > > I am actually familar with that documentation however I seem not have > understood it in full: > > - since I use AD I don't think I can use permission based authorisation, is > that correct? No, that is not correct. You can override the “default” LDAP realm and create any permissions in that realm as you wish. > - in the result I am stuck with role based authorisation, right? Also not correct. > > This lead me to my assumption that I would need 120 organisation units in AD > to express 2 x 5 x 20 application roles. > Hence my pursuit how to configure this mapping efficiently inside the > shiro.ini > > What am I missing please? > > Warm regards > Andreas
