[keycloak-dev] hierarchical only groups?
Marek Posolda
mposolda at redhat.com
Tue Oct 20 07:48:30 EDT 2015
That's similar to how it worked for GateIn portal . There was only
parent-child notion and each group could be identified easily by path
consisting of it's simple name and parent hierarchy. For example root
group "platform" had path "/platform" . The subgroup "finance" of root
group "platform" had path "/platform/finance" etc.
All the roles were always assigned to user per group, so there was
notion like: User "john" is member of role "admin" in group
"/platform/finance" etc. Visualization was quite easy - some screenshots
are here:
https://docs.jboss.org/author/display/GTNPORTAL39/Manage+Users+and+Groups .
I think this model was sufficient (at least for portal purposes). Can't
any customer wanted the structure with group being child of multiple
parent groups.
Marek
On 19/10/15 16:40, Bill Burke wrote:
> I was wondering if it would be ok to only have parent/child, tree
> structure relationship between groups. Meaning, a group can't belong to
> multiple groups.
>
> I was just thinking about modeling a large company with groups. How
> would you visualize the group structure within the admin console? A
> hierarchical-only group structure would allow you to define a group with
> a simple non-unique names. i.e. "admins", "customers".
More information about the keycloak-dev
mailing list