[midPoint] Resource Protection
Radovan Semancik
radovan.semancik at evolveum.com
Wed Oct 14 15:32:03 CEST 2015
Hi Jens,
I'm not entirely sure what you mean. But there is a way how to group
resources: organizational structure. MidPoint organizational structure
is very flexible. It may contain users, but also any other objects. So
you can put roles or resources inside the organizational structure.
Organizational structure is an universal midPoint mechanism for grouping
things. Remember: you can have as many organizational structures as you
need, these can be flat or hierarchical and a single object can belong
to any number of organizational units. So you can have dedicated
organizational structure only for grouping resources. Then you can set
up authorizations over the organizational units (use the orgRef in
object specification, see
https://wiki.evolveum.com/display/midPoint/Authorization+Configuration
for an example).
--
Radovan Semancik
Software Architect
evolveum.com
On 10/14/2015 10:33 AM, mailinglist at j-b-s.de wrote:
> Hi Midpoint users!
>
> Currently we are evaluating Midpoint and we are trying to protect resources (files) and grant access individually per user. As we have many files a "per file" permission is not an option. Due to the fact everything is just a "string" we can simply define a RegEx as permission/role name but this seems to be a little odd(?). Is there a common practice for grouping resources or using "wildcards"?
>
> Thanks in advance
>
> Jens
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
More information about the midPoint
mailing list