3 Replies Latest reply on Feb 17, 2011 5:44 PM by abeyazyi

    identity management @RoleGroup

    danclemson

      Hi,


      I am a bit confused about the @RoleGroup concept.


      The description of Role says:
      Role can be granted either to users (or in some cases to other roles).


      The definition of @RoleGroup says:
      This annotation marks the field or method containing the group memberships of the role.


      And in the coding examples it shows:


      @RoleGroups
      @ManyToMany(targetEntity = Role.class)
      @JoinTable(name = "RoleGroups",
          joinColumns = @JoinColumn(name = "RoleId"),
          inverseJoinColumns = @JoinColumn(name = "GroupId"))
      public Set<Role> getGroups() { return groups; }
      public void setGroups(Set<Role> groups) { this.groups = groups; }
      



      Where it seems that @RoleGroups is annotating a group of other roles.


      Question:
      1) What is the need for @RoleGroup, or why do we need to grant a role to other roles?
      2) How can Seam identity management support a data model with user and usergroup?


      Thanks /dan

        • 1. Re: identity management @RoleGroup

          @RoleGroups is used in your Role class. It says that a Role can have other Roles.


          Users can have a role and this role can have other roles. This concept is for implicit roles.


          Here is an example:


          If you have a Role Developers and a subRole: GUI-Developers, you can say all who have the GUI-Developer Role automatically have the Role Developers.


          In this case you add the Role Developers to RoleGroups of GUI-Developers


          If you grant the Role GUI-Developers to a User, this user implicitly also has the Role Developers.
          With this approach you don't need to grant both Roles to the User.


          This makes sense if you have a lot of cascaded Roles.


          Seam automatically resolves these RoleGroups while checking permissions.



          Greetz Marco

          • 2. Re: identity management @RoleGroup
            danclemson

            Marco,


            Thanks for the clear and concise explanation. /dan

            • 3. Re: identity management @RoleGroup
              abeyazyi

              I was having some trouble with the concept myself. I guess there are many different ways this can be implemented, but the following worked for me.



              Role          Member of groups
              addClaim
              addLoan
              admin
              claimUser     systemUser, addClaim
              loanUser      systemUser, addLoan
              systemUser    viewClaim, viewLoan
              user
              viewClaim
              viewLoan



              And I allow the user to select only roles with groups. Based on the structure above, a user can be assigned the following role(s): systemUser, claimUser and loanUser
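
The implicit-role resolution described in reply 1, applied to the role table from reply 3, as an added example that is not part of the original thread and is not Seam's own code. The class name `EffectiveRoles`, the method `effectiveRoles` and the `GROUPS` map are hypothetical; plain Java collections stand in for the Role entity and its @RoleGroups set. It computes every role a user effectively holds from one grant, which is what an access review needs to see, and it terminates even if group memberships form a cycle.

```java
import java.util.*;

// Added illustration: plain maps stand in for the Role entity and its @RoleGroups set.
public class EffectiveRoles {
    // role -> roles it is a member of ("Member of groups" column, constructed from reply 3)
    static final Map<String, Set<String>> GROUPS = new HashMap<>();
    static {
        GROUPS.put("claimUser", Set.of("systemUser", "addClaim"));
        GROUPS.put("loanUser", Set.of("systemUser", "addLoan"));
        GROUPS.put("systemUser", Set.of("viewClaim", "viewLoan"));
    }

    // Transitive closure of the granted roles. The 'seen' set ensures each role is
    // expanded once, so a membership cycle (A -> B -> A) cannot loop forever.
    static Set<String> effectiveRoles(Collection<String> granted,
                                      Map<String, Set<String>> groups) {
        Set<String> seen = new TreeSet<>();
        Deque<String> todo = new ArrayDeque<>(granted);
        while (!todo.isEmpty()) {
            String role = todo.pop();
            if (seen.add(role)) {
                todo.addAll(groups.getOrDefault(role, Set.of()));
            }
        }
        return seen;
    }

    public static void main(String[] args) {
        // What a single grant really confers once memberships are followed.
        for (String r : List.of("claimUser", "loanUser", "systemUser", "user")) {
            System.out.println(r + " -> " + effectiveRoles(List.of(r), GROUPS));
        }
        // Constructed misconfiguration: viewClaim made a member of claimUser.
        // Resolution still terminates, and the output shows the read-oriented
        // systemUser role now also carrying addClaim.
        Map<String, Set<String>> cyclic = new HashMap<>(GROUPS);
        cyclic.put("viewClaim", Set.of("claimUser"));
        System.out.println("cyclic systemUser -> "
                + effectiveRoles(List.of("systemUser"), cyclic));
    }
}
```

Running the same closure over the real role table before and after a membership change shows which grants widened as a side effect.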