Development #751
Improve the manager based on RBAC
Start date: 12 October 2011
Due date:
% Done: 100%
Estimated time:
Patch proposed: No
Planning:
Related issues
History
Updated by Benjamin Dauvergne over 8 years ago
- Patch proposed set to No
Discussion on authorization in authentic restarted thanks to current tickets #5261 and #4775:
First, my idea for an authorization framework datamodel:
Action = (Slug)
Permission = (Action, Object) # ex. ('login', SAML provider#01)
Role = (Name, Slug, [Permission])
UserRoleMapping = (User, Role)
GroupRoleMapping = (Group, Role)
Maybe we should refrain from defining any kind of data model and just try to create an API that allows service providers to know when they can allow login or not.
Some grand goals for any authorization framework:
- be as simple as possible for getting a working implementation fast, but allow extensions,
- provide a hierarchical role model with inheritance
- long term: allow importing authorization models from service providers locally, maybe not natively but by allowing multiple authorization backends to be loaded at the same time and answer authorization requests:
  - a backend could for example synchronize a list of distant roles so that all management can be done in authentic without having to manually recreate the role model on its side (roles from w.c.s.),
  - conversely, roles defined in authentic could be given some context and be replicated to the service provider when they are local to it.
- login on service provider #04 to user/group #05
- add attribute 'xyz' with value 'abc' to user/group #07 on service provider #02
- manage users in group 'Administrators of service provider #05'
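A sketch of the data model proposed in the comment above, with role inheritance and group mappings resolved into an allow/deny decision. This is an added example, not authentic2 code: the `parents` field, the `Authorizer` class, the group-membership map and every identifier in the sample data are assumptions, since the ticket does not say how inheritance is represented.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Permission:
    action: str  # Action slug, e.g. "login"
    obj: str     # target object; string ids here are constructed placeholders

@dataclass
class Role:
    name: str
    slug: str
    permissions: set = field(default_factory=set)
    parents: list = field(default_factory=list)  # assumption: slugs of inherited roles

class Authorizer:
    def __init__(self, roles):
        self.roles = {r.slug: r for r in roles}
        self.user_roles = {}   # UserRoleMapping: user -> {role slug}
        self.group_roles = {}  # GroupRoleMapping: group -> {role slug}
        self.user_groups = {}  # group membership: user -> {group}

    def effective_permissions(self, user):
        pending = list(self.user_roles.get(user, ()))
        for group in self.user_groups.get(user, ()):
            pending.extend(self.group_roles.get(group, ()))
        perms, seen = set(), set()
        while pending:
            slug = pending.pop()
            if slug in seen or slug not in self.roles:
                continue  # cycle guard; an unknown role grants nothing
            seen.add(slug)
            perms |= self.roles[slug].permissions
            pending.extend(self.roles[slug].parents)
        return perms

    def is_allowed(self, user, action, obj):
        # Default deny: only an explicitly granted (action, object) pair passes.
        return Permission(action, obj) in self.effective_permissions(user)

def build_demo():
    # Constructed sample data, loosely following the ticket's example permissions.
    users = Role("SP 05 users", "sp05-users", {Permission("login", "sp-05")})
    admins = Role("SP 05 administrators", "sp05-admins",
                  {Permission("manage-users", "group-sp05-admins")},
                  parents=["sp05-users", "sp05-admins"])  # self-reference tests the guard
    authz = Authorizer([users, admins])
    authz.user_roles["alice"] = {"sp05-admins"}
    authz.user_groups["bob"] = {"staff"}
    authz.group_roles["staff"] = {"sp05-users"}
    return authz
```

Because permissions are (action, object) pairs, a grant on one service provider never implies the same action on another, and a user with no mapping gets an empty permission set.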
Updated by Benjamin Dauvergne almost 8 years ago
- Related to Bug #6143: /manage : we should allow a superadmin activate is_admin added
Updated by Benjamin Dauvergne almost 8 years ago
- Related to Development #5541: Add a page to manage providers added
Updated by Benjamin Dauvergne almost 8 years ago
- Subject changed from Authentic2 administration based on RBAC to Improve the manager based on RBAC
- Assignee changed from Mikaël Ates to Benjamin Dauvergne
- Priority changed from Low to High
Updated by Benjamin Dauvergne almost 8 years ago
- Related to Bug #5658: Review permission checking in the manager added
Updated by Benjamin Dauvergne over 7 years ago
- Status changed from New to Resolved (to be deployed)
- % Done changed from 0 to 100
Applied in commit authentic2|25ad9166a1a0367c659e858346db7f9b8b7fa3f3.
Updated by Benjamin Dauvergne almost 7 years ago
- Status changed from Resolved (to be deployed) to Solution deployed
custom_user: add view permission to user and group model
refs #751