Uploaded image for project: 'FORTRESS'
  1. FORTRESS
  2. FC-217

Option to disable role occupants

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0
    • Fix Version/s: 2.0.1
    • Labels:
      None

      Description

      Fortress supports two way user-role assignments. That is the role attribute is stored on user object, and the user membership is on the Role object. The latter is to be compatible with non-rbac implementations that use traditional group membership lookups for access control.

      The problem is when group have large numbers of users, i.e. 10’s of thousands, performance degrades on the edits of those objects.

      Strictly speaking fortress doesn’t need to associate user membership with roles, for its RBAC controls.

      add a option to disable, with config switch:
      role.occupants = false <— disable role-to-user mapping
      role.occupants = true <— enable role-to-user mapping

        Attachments

          Activity

            People

            • Assignee:
              smckinney Shawn McKinney
              Reporter:
              smckinney Shawn McKinney
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: