Uploaded image for project: 'FORTRESS'
  1. FORTRESS
  2. FC-217

Option to disable role occupants

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.0
    • 2.0.1
    • None

    Description

      Fortress supports two way user-role assignments. That is the role attribute is stored on user object, and the user membership is on the Role object. The latter is to be compatible with non-rbac implementations that use traditional group membership lookups for access control.

      The problem is when group have large numbers of users, i.e. 10’s of thousands, performance degrades on the edits of those objects.

      Strictly speaking fortress doesn’t need to associate user membership with roles, for its RBAC controls.

      add a option to disable, with config switch:
      role.occupants = false <— disable role-to-user mapping
      role.occupants = true <— enable role-to-user mapping

      Attachments

        Activity

          People

            smckinney Shawn McKinney
            smckinney Shawn McKinney
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: