Uploaded image for project: 'PicketLink'
  1. PicketLink
  2. PLINK-337

Support for privilege inheritence chains

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Done
    • Major
    • PLINK_2.6.0.CR3
    • PLINK_2.5.3.Beta1
    • IDM
    • None

    Description

      At present, privilege check methods such as those in org.picketlink.idm.model.basic.BasicModel (e.g. isMember(), hasRole(), etc) only perform a check for direct assignment. Indirect privileges, such as those gained from being a member of a group are not currently supported.

      The @InheritsPrivileges annotation is intended to allow identity classes and relationships to be configured with a "chain" of privileges, from which a determination can be made as to whether an identity is entitled to a privilege which may be assigned indirectly via a group membership (or other relationship type).

      Attachments

        Issue Links

          relates to

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) PLINK-322 BasicModel.hasRole should consider roles assigned to the group which the user belongs to

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Resolved

          Activity

            People

              psilva@redhat.com Pedro Igor Craveiro
              sbryzak@redhat.com Shane Bryzak
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: