-
1. Re: identity management @RoleGroup
mroeoesli Aug 7, 2009 7:16 AM (in response to danclemson)@RoleGroups is used in your Role class. It says that a Role can have other Roles.
Users can hava a role and this role can have other roles. This concept is for implicit roles.
Here an example:
If you have a Role
Developers
and a subRole :GUI-Developers
you can say all who have theGUI-Developer
Role automaticly have the RoleDevelopers
.In this case you add the Role
Developers
to RoleGroups ofGUI-Developers
If you grant the Role
GUI-Developers
to a User, this user implicit also have the RoleDevelopers
.
With this approach you don't need to grant both Roles to the User.This makes sens if you have a lot of cascaded Roles.
Seam automaticly resolves this RoleGroups while checking permissions.
Greetz Marco
-
2. Re: identity management @RoleGroup
danclemson Aug 7, 2009 6:37 PM (in response to danclemson)Marco,
thanks for the clear and concise explaination. /dan
-
3. Re: identity management @RoleGroup
abeyazyi Feb 17, 2011 5:44 PM (in response to danclemson)I was having some trouble with the concept myself, I guess there are many different ways how this can be implemented but following worked for me.
Role Member of groups addClaim addLoan admin claimUser systemUser, addClaim loanUser systemUser, addLoan systemUser viewClaim, viewLoan user viewClaim viewLoan
And I allow user to select only roles with Groups. Based on the structure above, user ca be assigned following role(s) :systemUser, claimUser and loanUser