  1. MidPoint
  2. MID-1934

Add tenant concept to authorizations

    Details

      Description

      Tenants are Orgs, therefore they can be used now indirectly by using them as a form of delegated administration. However, it is currently difficult to set up a single role that allows a user to access only objects within the same tenant. A separate role for each tenant is needed.

      This feature would add the concept of a current tenant to the authorization system. Therefore it will be possible to express authorizations such as "read all roles but only if they are in the same tenant as the currently logged-in user". E.g., to support self-service, a delegated administrator can manage users in his organization (tenant).
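
      The authorization described above, sketched as an added example (a conceptual Python model, not midPoint code or configuration): one role definition carries a "same tenant as subject" condition, so it serves every tenant instead of needing a copy per tenant. All class, field and object names are assumptions made for the illustration, and the sample data is constructed.

```python
# Conceptual model only; every name here is hypothetical, not midPoint API.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Org:
    name: str
    parent: Optional["Org"] = None
    is_tenant: bool = False

@dataclass(frozen=True)
class Obj:
    name: str
    type: str                  # e.g. "user" or "role"
    org: Optional[Org] = None

def tenant_of(obj):
    # Nearest ancestor org marked as a tenant, or None if there is none.
    org = obj.org
    while org is not None and not org.is_tenant:
        org = org.parent
    return org

@dataclass(frozen=True)
class Authorization:
    action: str
    object_type: str
    same_tenant_as_subject: bool = False

def is_allowed(auths, subject, action, target):
    for a in auths:
        if a.action != action or a.object_type != target.type:
            continue
        if not a.same_tenant_as_subject:
            return True
        s, t = tenant_of(subject), tenant_of(target)
        # Fail closed: a subject or target outside any tenant never matches.
        if s is not None and s == t:
            return True
    return False

# Constructed sample data: two tenants sharing one role definition.
ACME, GLOBEX = Org("acme", is_tenant=True), Org("globex", is_tenant=True)
ACME_SALES = Org("acme-sales", parent=ACME)
TENANT_ADMIN = [Authorization("read", "role", True), Authorization("modify", "user", True)]
alice = Obj("alice", "user", ACME_SALES)       # delegated admin inside acme
bob, carol = Obj("bob", "user", ACME), Obj("carol", "user", GLOBEX)
acme_role, globex_role = Obj("acme-approver", "role", ACME), Obj("globex-approver", "role", GLOBEX)
global_role = Obj("superuser", "role", None)   # belongs to no tenant
```

      The same `TENANT_ADMIN` list grants `alice` access to acme objects and `carol` access to globex objects, while an object that belongs to no tenant is denied to both.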

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            semancik Radovan Semancik
            Reporter:
            vix Ivan Noris