[midPoint] Group association with extra attribute from role

Nicolas Rossi nrossi at identicum.com
Tue Mar 19 13:27:48 CET 2019


Hi Alexander, this topic is discussed here as role explosion
<https://wiki.evolveum.com/display/midPoint/Role+Explosion> vs parametric
roles
<https://wiki.evolveum.com/display/midPoint/Advanced+Hybrid+RBAC#AdvancedHybridRBAC-ParametricRoles>.
It's partially supported. What kind of resource is it? If it is a custom
one, you can join both values as the role identifier (i.e. group
g:read-only) and then split the token received to get both values. It can
cause a role explosion, but it's a simple solution.

Hope it helps,


Ing Nicolás Rossi
Identicum S.A.
Jorge Newbery 3226
Oficina: +54 (11) 4552-3050
Móvil: +54 (911) 6041-3920
www.identicum.com


On Mon, Mar 18, 2019 at 11:35 PM Alexandre Zia <alexandre.zia at ifood.com.br>
wrote:

> We have a situation where we have a role giving access to a group, through
> group association, the classic scenario.
>
> However, in this remote system there is only one group, and you assign
> this group to a user AND an access role defining if this association will
> be Admin or read-only.
>
> Let me explain:
> In the remote system we have:
>
> User: A
> User: B
>
> Group: G
>
> User A has group G associated with "Admin" role -> So he is an admin
> User B has group G associated with "Viewer" role -> So he is read-only user
>
> So in midpoint I've extended RoleType to add an attribute:  "roleId".
> (values can be 8 for admin, or 7 for viewer).
>
> When assigning the role to a user, the group association passes the Group
> ID to the connector, as expected.
> But how can I pass this role attribute "roleId" together with the groupId
> in group association?
>
>
> Thanks in advance.
> Alexandre
>
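
The join-and-split approach suggested in the reply, as an added example that is not part of the original thread and not midPoint or ConnId code. The class name `GroupRoleToken`, the `:` delimiter and the fail-closed validation are assumptions; the role IDs 8 and 7 come from the question.

```java
import java.util.Map;
// Hypothetical helper for a custom connector; not midPoint or ConnId API.
public final class GroupRoleToken {
    // Role IDs taken from the question: 8 = admin, 7 = viewer.
    private static final Map<Integer, String> ALLOWED_ROLES = Map.of(8, "Admin", 7, "Viewer");
    private static final char SEP = ':'; // assumed delimiter
    public final String groupId;
    public final int roleId;
    private GroupRoleToken(String g, int r) { groupId = g; roleId = r; }

    // Build the composite identifier that the role carries.
    public static String encode(String groupId, int roleId) {
        validate(groupId, roleId);
        return groupId + SEP + roleId;
    }

    // Split the identifier inside the connector; fail closed on anything unexpected.
    public static GroupRoleToken parse(String token) {
        if (token == null) throw new IllegalArgumentException("null token");
        int idx = token.lastIndexOf(SEP);
        if (idx < 0) throw new IllegalArgumentException("missing role part");
        String rolePart = token.substring(idx + 1);
        // Canonical decimal only, so "08" or "8 " cannot alias the admin role.
        if (!rolePart.matches("[1-9][0-9]{0,3}")) throw new IllegalArgumentException("bad roleId");
        String groupId = token.substring(0, idx);
        int roleId = Integer.parseInt(rolePart);
        validate(groupId, roleId);
        return new GroupRoleToken(groupId, roleId);
    }

    private static void validate(String groupId, int roleId) {
        // A delimiter inside the group ID would make the split ambiguous.
        if (groupId == null || groupId.isEmpty() || groupId.indexOf(SEP) >= 0)
            throw new IllegalArgumentException("bad groupId");
        if (!ALLOWED_ROLES.containsKey(roleId))
            throw new IllegalArgumentException("roleId not allowed: " + roleId);
    }

    public static void main(String[] args) { // runs over constructed sample tokens
        for (String s : new String[] {encode("G", 8), "G:7", "G", ":8", "G:9", "G:8:7", "G:08"}) {
            try {
                GroupRoleToken t = parse(s);
                System.out.println(s + " -> " + t.groupId + " as " + ALLOWED_ROLES.get(t.roleId));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```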