[midPoint] Role Explosion and Role Parameters
Nicolas Rossi
nrossi at identicum.com
Fri Jun 29 00:11:00 CEST 2018
Hi guys,
We are working on a customer who needs to define some roles with parameters
to prevent role explosion scenario. I have found lot of references to this
issue on the wiki (here
<https://wiki.evolveum.com/display/midPoint/Role+Explosion>, here
<https://wiki.evolveum.com/display/midPoint/Advanced+Hybrid+RBAC#AdvancedHybridRBAC-ParametricRoles>
and here
<https://wiki.evolveum.com/display/midPoint/Assignment+Configuration#AssignmentConfiguration-ParametricAssignments>).
There were also similar question
<https://lists.evolveum.com/pipermail/midpoint/2013-July/000096.html>s on
the mailing list few years ago where Radovan explains that is was designed
but not implemented.
Regarding the Radovan explanation I am not sure if we should extend the
AssociationType to add custom parameters or if we should define role
parameters (couldn't find any example on the documentation).
On the UI when and end-user request a new role, he can define properties on
the assignment (parameters) for each role, but... is there any way to
define that some properties / parameters are required so the user can't
request the role without specifying some value for that parameter ?
I apologize in advance for the lengthy e-mail
Thanks,
Ing Nicolás Rossi
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180628/0385753f/attachment.htm>
More information about the midPoint
mailing list