[jboss-jira] [JBoss JIRA] (WFLY-1618) Access Control - User to Role Mapping

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Tue Jul 16 12:38:29 EDT 2013 

    [ https://issues.jboss.org/browse/WFLY-1618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12790068#comment-12790068 ] 

Darran Lofthouse commented on WFLY-1618:
----------------------------------------

Discussing scoped roles with Brian we also agree to define scoped roles first in the domain configuration and hosts using scoped roles will be referencing previously defined roles.

This has the advantage that the admin tools can also obtain a list of all scoped roles and work on a finite list of roles without needing to worry that a host not currently running may have an additional scoped role of it's own.

Multiple hosts could make use of the same scoped role but that is good for this style of config, if uniquely names scoped roles needed to be used everywhere we may prefer a role mapping config that supports multiple roles.
                
> Access Control - User to Role Mapping
> -------------------------------------
>
>                 Key: WFLY-1618
>                 URL: https://issues.jboss.org/browse/WFLY-1618
>             Project: WildFly
>          Issue Type: Task
>          Components: Domain Management
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 8.0.0.Beta1
>
>
> XML Structure: -
> {code}
> <access-control>
>   <role-mapping use-realm-roles="true/false">
>     <role name="role_name">
>       <includes>
>         <user realm="realm_name" name="user_name" />  <!-- Realm is optional, most useful for servers where different realms are used for different interfaces. -->
>         <group realm="realm_name" name="group_name" />
>       </includes>
>       <excludes>
>         <user realm="realm_name" name="user_name" />
>         <group realm="realm_name" name="group_name" />
>       </excludes>
>     </role>
>   </role-mapping>
> </access-control>
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list