3 Replies Latest reply on Feb 17, 2011 5:44 PM by Beyaz

    identity management @RoleGroup

    dan liu Newbie

      Hi,


      I am a bit confused of the @RoleGroup concept.


      The description of Role says:
      Role can be granted either to users (or in some cases to other roles).


      The definition of @RoleGroup says:
      This annotation marks the field or method containing the group memberships of the role.


      And in the coding examples it shows:


      @RoleGroups
      @ManyToMany(targetEntity = Role.class)
      @JoinTable(name = "RoleGroups",
          joinColumns = @JoinColumn(name = "RoleId"),
          inverseJoinColumns = @JoinColumn(name = "GroupId"))
      public Set<Role> getGroups() { return groups; }
      public void setGroups(Set<Role> groups) { this.groups = groups; }
      



      Where it seems that @RoleGroups is annotatet a group of other roles.


      Question:
      1) what is the need for @RoleGroup or why we need to role to other roles?
      2) how seam identity mangament can support data model with user and usergroup?


      Thanks /dan

        • 1. Re: identity management @RoleGroup
          Marco Röösli Newbie

          @RoleGroups is used in your Role class. It says that a Role can have other Roles.


          Users can hava a role and this role can have other roles. This concept is for implicit roles.


          Here an example:


          If you have a Role Developers and a subRole : GUI-Developers you can say all who have the GUI-Developer Role automaticly have the Role Developers.


          In this case you add the Role Developers to RoleGroups of GUI-Developers


          If you grant the Role GUI-Developers to a User, this user implicit also have the Role Developers.
          With this approach you don't need to grant both Roles to the User.


          This makes sens if you have a lot of cascaded Roles.


          Seam automaticly resolves this RoleGroups while checking permissions.



          Greetz Marco

          • 2. Re: identity management @RoleGroup
            dan liu Newbie

            Marco,


            thanks for the clear and concise explaination. /dan

            • 3. Re: identity management @RoleGroup
              Beyaz  Newbie

              I was having some trouble with the concept myself, I guess there are many different ways how this can be implemented but following worked for me.



              Role             Member of groups
              addClaim          
              addLoan          
              admin          
              claimUser     systemUser, addClaim     
              loanUser     systemUser, addLoan     
              systemUser     viewClaim, viewLoan     
              user          
              viewClaim     
              viewLoan



              And I allow user to select only roles with Groups. Based on the structure above, user ca be assigned following role(s) :systemUser, claimUser and loanUser