[jboss-dev-forums] [Design of JBoss Portal] - Re: Initial identity model discussion

Antoine_h do-not-reply at jboss.com
Sun Jul 15 09:50:14 EDT 2007


By the way: a description field for the Role would be good.
This helps to understand what the role is (when there are many of them).
Open a JIRA on that? Or keep it in the list of many things to do for Identity evolution?

********************************
I like business role.
I have just extended the User and Role objects and services, to manage "portal and business process".
I call them UserPortalBP and RolePortalBP.

The idea is to have a User (and Role) that offers some general properties for portal, and some properties and methods for business process needs (in the same instance).

Example: access to a ProductCatalogAdminPortlet is related to the role/permission of "productViewer", "productModifyer" (modify only), "productAllControl" (create, suppress...).
Those 3 roles must have access to the portlet (GUI).

In the JSR, there is a mapping of Portal roles and application roles (for EJB, etc.). I remember it is OK, but not useful enough: I don't want to write that in the portlet descriptor... no management tools, etc.

So: create a RolePortal, with
  - an API that provides a RoleExtension interface: getRoleExtension(), setRoleExtension(RoleExtension re)
  - RoleExtension extends Role interface
  - Check the usual User and Role methods against this extension too : use of a patron pattern to delegate some treatment to the RoleExtension implementation
That's the way I see it...

********************************
For user belong to community, user belong to role/group.

I am not sure that a "belong to" relation is enough and/or efficient for managing the roles of the business process requirements.

In the jBPM documentation (Boleslaw's post):
anonymous wrote : 
  | Note that the user-roles model as it is used in the servlet, ejb and portlet specifications, is not sufficiently powerful for handling task assignments. That model is a many-to-many relation between users and roles. This doesn't include information about the teams and the organisational structure of users involved in a process.
Recently, an expert in this kind of stuff told me that rule management of users and permissions is much better than just "belong to a role". It avoids creating thousands (not kidding) of roles to map the needs of companies (subsidiaries, departments, teams, ...).
A rule says: if the user is in department A, then he has the permissions of permissionGroupF + permissionGroupG - permissionGroupH

This is much more powerful to create and maintain Users and Permissions.

I think the idea is good, but did not have an opportunity to do it since.
I will probably implement something with JBoss Rules, over my RolePortalBP.

Maybe the JBoss Rules team has already seen something about this.

********************************
For Role Group
It could be implemented with rules.
"belong to group" rule could be a simple use of rules.

This allows developers to extend role/group management to some more powerful management, using rules.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4064309#4064309

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4064309
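
The rule quoted in the post (department A gives permissionGroupF + permissionGroupG - permissionGroupH), as an added example that is not part of the original post and is not JBoss Portal or JBoss Rules code. The class names, the contents of each permission group and the sample users are constructed for illustration; effective permissions are computed as all grants minus all revocations, and a user matching no rule gets nothing.

```java
import java.util.*;
import java.util.function.Predicate;

// Added example (Java 17), not JBoss Portal or JBoss Rules code.
// All class names and permission contents are hypothetical.
public class RulePermissionDemo {
    record User(String name, String department) {}

    // "If condition holds, the user gets the grant groups minus the revoke groups."
    record Rule(Predicate<User> condition, Set<String> grant, Set<String> revoke) {}

    // Permission group names come from the post; their contents are constructed.
    static final Map<String, Set<String>> GROUPS = Map.of(
        "permissionGroupF", Set.of("product.view", "product.modify"),
        "permissionGroupG", Set.of("product.create", "product.delete"),
        "permissionGroupH", Set.of("product.delete"));

    static Set<String> expand(Set<String> groupNames) {
        Set<String> out = new TreeSet<>();
        for (String g : groupNames) {
            Set<String> perms = GROUPS.get(g);
            // Fail closed: an unknown group is a configuration error, not an empty grant.
            if (perms == null) throw new IllegalArgumentException("unknown group " + g);
            out.addAll(perms);
        }
        return out;
    }

    // Collect every grant first, then subtract every revocation, so a revocation
    // wins no matter which rule fired first. No matching rule means no permissions.
    static Set<String> effectivePermissions(User u, List<Rule> rules) {
        Set<String> granted = new TreeSet<>();
        Set<String> revoked = new TreeSet<>();
        for (Rule r : rules) {
            if (r.condition().test(u)) {
                granted.addAll(expand(r.grant()));
                revoked.addAll(expand(r.revoke()));
            }
        }
        granted.removeAll(revoked);
        return granted;
    }

    public static void main(String[] args) {
        List<Rule> rules = List.of(new Rule(u -> "A".equals(u.department()),
            Set.of("permissionGroupF", "permissionGroupG"), Set.of("permissionGroupH")));
        System.out.println(effectivePermissions(new User("alice", "A"), rules));
        System.out.println(effectivePermissions(new User("bob", "B"), rules));
    }
}
```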


