-
1. Re: A question about relationship Role, User and Group
jayshaughnessy Dec 7, 2009 9:48 AM (in response to thomas2008ch)In short the Role ties together users and resource groups. A user is associated with one or more roles. A role is associated with one or more resource groups. The user then has access to the resources associated with his role's groups. Furthermore, the role defines the permissions the user has on those resources.
For more, check out the docs. A useful page to start on is [1].
Jay
[1] http://www.redhat.com/docs/en-US/JBoss_ON/2.3/html/Feature_Guide/sect-Feature_Guide-Groups-Concepts_Terminology.html -
2. Re: A question about relationship Role, User and Group
thomas2008ch Dec 8, 2009 2:53 AM (in response to thomas2008ch)Can't we do in a simple way as follow?
Resource is assigned to Role.
Role is assigned to Group.
Add a Suer to a Group and he has the role and the resource. -
3. Re: A question about relationship Role, User and Group
jayshaughnessy Dec 8, 2009 9:23 AM (in response to thomas2008ch)Groups are Resource Groups. Not user groups. So, no, that is not how it is done in JON. Roles connect Users to Resources and define the permissions the user has when interacting with those resources.
-
4. Re: A question about relationship Role, User and Group
thomas2008ch Dec 8, 2009 9:45 AM (in response to thomas2008ch)"jayshaughnessy" wrote:
Groups are Resource Groups. Not user groups. So, no, that is not how it is done in JON. Roles connect Users to Resources and define the permissions the user has when interacting with those resources.
So you mean by JON there is no Group for User, such like that by LDAP? -
5. Re: A question about relationship Role, User and Group
jayshaughnessy Dec 8, 2009 10:55 AM (in response to thomas2008ch)That's right. The terminology does not map exactly to LDAP. An LDAP user group, I believe, is close to a JON Role. In JON all users associated with a Role are related in that they have access to the same resources and have the same assigned privileges.
As for LDAP, JON allows for LDAP authentication (i.e. login via LDAP) but not authorization, meaning there is no built in mapping of LDAP user groups/permissions to JON roles. This level of integration is possible, although it requires some remote scripting to perform the work. -
6. Re: A question about relationship Role, User and Group
thomas2008ch Dec 8, 2009 11:36 AM (in response to thomas2008ch)Many thanks to your answer!
But even though, I would like to say, the LDAP should be an "internationla standard". Why JON doesn't use this standard? :-)
I am the oppinion as described before:
Asign Resouce to Role
Asign Role to a group and
Add a User to a Group so the User has the access to the Role.
If you want a User having access to other Resources, youcan asign this User to other Group which occupies the Role and its Resouce.
In this way one can manage the User easily. :-)
This is simply a discussion. You can ignog it.