[keycloak-user] Users having Roles at Departments
Alper Kara
albinoseagull at gmail.com
Fri Apr 12 18:35:37 EDT 2019
What is the right way of having effect areas of roles like:
-Department1
--SubDepartment1
--SubDepartment2
-Department2
--SubDepartment3
--SubDepartment4
user - role at SomeGroupOrDepartment
Joe - manager at SubDepartment1
Kim - manager at Department2
Jim - user at Department2
Joe - user at Department1
Kim - qa at Department1
Kim - user at SubDepartment2
...
In the end we want to say in our applications
manager of Department 1 --> can write files
all users - -> can read files
all managers --> can have reports
any role in Sub Department 1 --> can use CAD
...
etc.
so to speak is there a good way to have effective role in triplets instead
of tuples... If my understanding is correct at the moment we have to create
composite roles with departments, In any living organization there are
multiple roles like employee, manager etc. with different departments doing
different things like human resource manager can read personal files,
where IT manager can access svn, and all managers can post announcement
emails where ordinary users can have different access rights depending on
department...
More information about the keycloak-user
mailing list