Versions Compared

Old Version 19

changes.mady.by.user Technische Redaktion

Saved on

compared with

New Version 20

changes.mady.by.user Team Oktopus

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Page Properties
hiddentrue

Status

Status
colourYellow
titleprogress

Priority2
Note
AssigneeInga for review

Resources

Remarks

...

To assign individual roles to the users of the system, either an organization.xml file is evaluated in the same Organization service configuration (~/service-manager/config/organization) or an external identity provider is used, which takes over the responsibility for role assignment from the organization.xml, causing that file to no longer be evaluated. In both solutions, individual UUIDs or names of individual users are assigned to roles by their unique names as defined in the roleset.xml file.  

...

If an identification provider is active in your system, the role administration duties can be transferred to the organization service using Trusted mode, which can be activated by running the authentication-service using the value "trusted" in the authentication.provider parameter and the organization service using the profile "trusted".  Doing so delegates the role-user-mapping to the config/organizationServiceorganization/organization.xml file, which can be modified, like any other file managed by the Configuration service, using the config git repository. 

Code Block
titleExample organization.xml
<?xml version="1.0" encoding="utf-8"?>
<organization xmlns="http://optimal-systems.org/ns/dmscloud/organization/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://optimal-systems.org/ns/dmscloud/organization/ dmsCloud-organization.xsd">
    <user>
        <name>root</name>
        <role>AdminRole</role>
    </user>
    <user>
        <name>Emil</name>
        <role>RoleEmail</role>
    </user>
    <user>
        <name>Doris</name>
        <role>RoleDocument</role>
    </user>
    <user>
        <name>Eduard</name>
        <role>RoleEmail</role>
        <role>RoleDocument</role>
    </user>
    <user>
        <name>Edmund</name>
        <role>RoleEmailAndDocument</role>
    </user>
</organization>
</roleSet>


Adding/Removing Permissions by Directly Accessing the Config Git Repository

...

Now that you know how you can interact with the permission system, you may want to proceed to creating a permissions file befitting your requirements. Find example permission files in the Permissions via Roles concept article


Info
iconfalse

More Tutorials

Section


Column
width25%

Authentication against the Core API

This tutorial shows how to authenticate a Java client at the Core API. Keep reading


Column
width25%

Permissions via Roles

Details about the structure of the Permission System, including example files. Keep reading


Column
width25%

Access Authorization for Endpoints

Insert excerpt
Access Authorization for Endpoints
Access Authorization for Endpoints
nopaneltrue
 Keep reading



...