  1. MidPoint
  2. MID-1934

Add tenant concept to authorizations


    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: backlog
    • Component/s: None

      Description

      Tenants are Orgs, therefore they can be used now indirectly by using them as a form of delegated administration. However, it is currently difficult to set up a single role that allows a user to access only objects within the same tenant. A separate role for each tenant is needed.

      This feature would add the concept of current tenant to the authorization system. Therefore it will be possible to express authorizations such as "read all roles but only if they are in the same tenant as the currently logged-in user". E.g. to support self-service, a delegated administrator can manage users in his organization (tenant).


            People

            • Assignee:
              semancik Radovan Semancik
              Reporter:
              vix Ivan Noris