[midPoint] new to IAMs -- general usage question

Jon V sito.org at gmail.com
Thu Nov 5 22:50:40 CET 2015


On Thu, Nov 5, 2015 at 3:00 AM:

> From: Jason Everling <jeverling at bshp.edu>
>
> I wanted to reply to this one,
>
> "or if the roles, etc in the IAM are strictly for permissions *within* the
> IAM system itself and not meant to have meaning to outside systems."
>
> The roles, orgs, etc. in midpoint can have meaning outside the system. A
> role/org in midpoint can be used to manage groups and roles in external
> systems, like LDAP groups or Unix groups and also generically.
>
> JASON
>

thank you for your input, jason.  to help me wrap my head around what i am
trying to do a bit more, i have started coding out some stubs from our
codebase side, to see if i can meet midpoint, well, half-way, if you will.
just some simple java classes and methods.  to put it in its simplest
form, i am wanting to answer this (pseudocode) boolean question:
object.canUserDo(user, activity)

my plan is to do this with a combination of roles and groups (e.g. a role
permits activities, a user has a role *within a group*.  the group is
linked to the object).

so really, i am hoping to not have to do all the group/role/user
crud/ui/persistence at all, not reinvent the wheel.  now that i have a
little more code on our end, i may try to map these concepts to midpoint
and see if it can handle the management for us.

thanks again for feedback on my question,
-jon
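
The check described in the message above (a role permits activities, a user holds a role within a group, the group is linked to the object), sketched as an added example; it is not code from the original post or from midPoint. All class, record and sample names are hypothetical, and the data is constructed.

```java
import java.util.*;

// Hypothetical model for illustration; none of these are midPoint classes.
public class ScopedAccessDemo {
    // A role permits a fixed set of activities.
    record Role(String name, Set<String> activities) {}

    // A user holds a role only within one specific group.
    record Membership(String user, String group, Role role) {}

    // The protected object is linked to exactly one group.
    static class ProtectedObject {
        final String name, group;
        final List<Membership> memberships;

        ProtectedObject(String name, String group, List<Membership> memberships) {
            this.name = name; this.group = group; this.memberships = memberships;
        }

        // Default deny: allow only when the user holds, in this object's own
        // group, a role that permits the activity. A role held in any other
        // group is ignored, so privileges do not leak across groups.
        boolean canUserDo(String user, String activity) {
            for (Membership m : memberships) {
                if (m.user().equals(user) && m.group().equals(group)
                        && m.role().activities().contains(activity)) return true;
            }
            return false;
        }
    }

    public static void main(String[] args) {
        Role editor = new Role("editor", Set.of("read", "write"));
        Role viewer = new Role("viewer", Set.of("read"));
        // Constructed sample data.
        List<Membership> ms = List.of(
            new Membership("alice", "projectA", editor),
            new Membership("alice", "projectB", viewer),
            new Membership("bob", "projectB", editor));
        ProtectedObject docA = new ProtectedObject("docA", "projectA", ms);
        ProtectedObject docB = new ProtectedObject("docB", "projectB", ms);
        System.out.println(docA.canUserDo("alice", "write")); // alice is editor in projectA
        System.out.println(docB.canUserDo("alice", "write")); // alice is only viewer in projectB
        System.out.println(docA.canUserDo("bob", "write"));   // bob has no role in projectA
        System.out.println(docB.canUserDo("carol", "read"));  // unknown user
    }
}
```

If an IAM such as midPoint manages the memberships, only the membership list needs to come from it; the decision itself stays a small default-deny lookup on the application side.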