<div dir="ltr">I'm sure there are benefits of a group belonging to groups, but I think it's outweighed by the complexity involved.</div><div class="gmail_extra"><br><div class="gmail_quote">On 20 October 2015 at 13:48, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">That's similar to how it worked for GateIn portal . There was only<br>
parent-child notion and each group could be identified easily by path<br>
consisting of it's simple name and parent hierarchy. For example root<br>
group "platform" had path "/platform" . The subgroup "finance" of root<br>
group "platform" had path "/platform/finance" etc.<br>
<br>
All the roles were always assigned to user per group, so there was<br>
notion like: User "john" is member of role "admin" in group<br>
"/platform/finance" etc. Visualization was quite easy - some screenshots<br>
are here:<br>
<a href="https://docs.jboss.org/author/display/GTNPORTAL39/Manage+Users+and+Groups" rel="noreferrer" target="_blank">https://docs.jboss.org/author/display/GTNPORTAL39/Manage+Users+and+Groups</a> .<br>
<br>
I think this model was sufficient (at least for portal purposes). Can't<br>
any customer wanted the structure with group being child of multiple<br>
parent groups.<br>
<span class="HOEnZb"><font color="#888888"><br>
Marek<br>
</font></span><span class="im HOEnZb"><br>
<br>
On 19/10/15 16:40, Bill Burke wrote:<br>
> I was wondering if it would be ok to only have parent/child, tree<br>
> structure relationship between groups. Meaning, a group can't belong to<br>
> multiple groups.<br>
><br>
> I was just thinking about modeling a large company with groups. How<br>
> would you visualize the group structure within the admin console? A<br>
> hierarchical-only group structure would allow you to define a group with<br>
> a simple non-unique names. i.e. "admins", "customers".<br>
<br>
</span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</div></div></blockquote></div><br></div>