Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Currently, Delegated Aministration is based on Realms and Dynamic Realms.
The former is quite static but widely used; the latter is extremely flexible but not used in any deployment, in practice, because it quickly becomes slow with real numbers.
An idea is to put in place some form of group-based authorization model: user A is allowed to administer user B if (a) B is member of group G (b) A is owner of G.
One advantage of such approach is that no changes in persistence would be needed.
Attachments
Issue Links
- links to