[SYNCOPE-1630] Use Group owners to extend Delegated Administration - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.1.10, 3.0.0-M0
Component/s: console, core, documentation
Labels:
None

Description

Currently, Delegated Aministration is based on Realms and Dynamic Realms.

The former is quite static but widely used; the latter is extremely flexible but not used in any deployment, in practice, because it quickly becomes slow with real numbers.

An idea is to put in place some form of group-based authorization model: user A is allowed to administer user B if (a) B is member of group G (b) A is owner of G.
One advantage of such approach is that no changes in persistence would be needed.

Attachments

Issue Links

links to

GitHub Pull Request #262

Activity

People

Assignee:: Francesco Chicchiriccò

Reporter:: Francesco Chicchiriccò

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 22/Apr/21 05:36

Updated:: 08/Oct/21 06:30

Resolved:: 11/May/21 09:32