3 Replies Latest reply on Feb 17, 2011 5:44 PM by Beyaz

    identity management @RoleGroup

    dan liu Newbie


      I am a bit confused by the @RoleGroup concept.

      The description of Role says:
      Role can be granted either to users (or in some cases to other roles).

      The definition of @RoleGroup says:
      This annotation marks the field or method containing the group memberships of the role.

      And in the coding examples it shows:

      @ManyToMany(targetEntity = Role.class)
      @JoinTable(name = "RoleGroups",
          joinColumns = @JoinColumn(name = "RoleId"),
          inverseJoinColumns = @JoinColumn(name = "GroupId"))
      public Set<Role> getGroups() { return groups; }
      public void setGroups(Set<Role> groups) { this.groups = groups; }

      Where it seems that @RoleGroups is annotating a group of other roles.

      1) What is the need for @RoleGroup, or why do we need to grant a role to other roles?
      2) How can Seam identity management support a data model with user and usergroup?

      Thanks /dan

        • 1. Re: identity management @RoleGroup
          Marco Röösli Newbie

          @RoleGroups is used in your Role class. It says that a Role can have other Roles.

          Users can have a role and this role can have other roles. This concept is for implicit roles.

          Here is an example:

          If you have a Role Developers and a subRole: GUI-Developers, you can say all who have the GUI-Developer Role automatically have the Role Developers.

          In this case you add the Role Developers to RoleGroups of GUI-Developers.

          If you grant the Role GUI-Developers to a User, this user implicitly also has the Role Developers.
          With this approach you don't need to grant both Roles to the User.

          This makes sense if you have a lot of cascaded Roles.

          Seam automatically resolves these RoleGroups while checking permissions.

          Greetz Marco

          • 2. Re: identity management @RoleGroup
            dan liu Newbie


            Thanks for the clear and concise explanation. /dan

            • 3. Re: identity management @RoleGroup
              Beyaz  Newbie

              I was having some trouble with the concept myself. I guess there are many different ways this can be implemented, but the following worked for me.

              Role          Member of groups
              claimUser     systemUser, addClaim
              loanUser      systemUser, addLoan
              systemUser    viewClaim, viewLoan

              And I allow the user to select only roles with groups. Based on the structure above, a user can be assigned the following role(s): systemUser, claimUser and loanUser
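
The implicit-role resolution described in the replies, as an added example that is not part of the thread and is not Seam's own code: plain Java with no Seam dependency, listing every role a single grant ends up conferring so the effective privileges can be reviewed. The `Role` class, `effectiveRoles`, `link` and the cyclic Developers membership are assumptions made for illustration; the other role names come from the posts above.

```java
import java.util.*;

public class RoleGroupDemo {
    // Hypothetical stand-in for a role entity whose getGroups() holds its group memberships.
    static final class Role {
        final String name;
        final Set<Role> groups = new LinkedHashSet<>();
        Role(String name) { this.name = name; }
    }

    // Granted roles plus every role reachable through group membership.
    static Set<String> effectiveRoles(Collection<Role> granted) {
        Set<String> seen = new TreeSet<>();
        Deque<Role> todo = new ArrayDeque<>(granted);
        while (!todo.isEmpty()) {
            Role r = todo.pop();
            if (seen.add(r.name)) {        // expand each role once, so a membership cycle terminates
                todo.addAll(r.groups);
            }
        }
        return seen;
    }

    // Constructed helper: creates roles on first use and records "role is a member of groups".
    static void link(Map<String, Role> all, String role, String... groups) {
        Role r = all.computeIfAbsent(role, Role::new);
        for (String g : groups) {
            r.groups.add(all.computeIfAbsent(g, Role::new));
        }
    }

    public static void main(String[] args) {
        Map<String, Role> all = new HashMap<>();
        // Sample data constructed from the role table and the Developers example in the thread.
        link(all, "claimUser", "systemUser", "addClaim");
        link(all, "loanUser", "systemUser", "addLoan");
        link(all, "systemUser", "viewClaim", "viewLoan");
        link(all, "GUI-Developers", "Developers");
        // Constructed misconfiguration: Developers made a member of GUI-Developers (a cycle).
        link(all, "Developers", "GUI-Developers");

        for (String granted : Arrays.asList("claimUser", "systemUser", "GUI-Developers")) {
            System.out.println(granted + " -> "
                + effectiveRoles(Collections.singleton(all.get(granted))));
        }
    }
}
```

Granting claimUser alone also confers systemUser, addClaim, viewClaim and viewLoan, which is the set to check when auditing what a role assignment really allows.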