directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shawn McKinney (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (FC-217) Option to disable role occupants
Date Wed, 12 Jul 2017 22:02:00 GMT

     [ https://issues.apache.org/jira/browse/FC-217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Shawn McKinney closed FC-217.
-----------------------------

> Option to disable role occupants
> --------------------------------
>
>                 Key: FC-217
>                 URL: https://issues.apache.org/jira/browse/FC-217
>             Project: FORTRESS
>          Issue Type: Improvement
>    Affects Versions: 2.0.0
>            Reporter: Shawn McKinney
>            Assignee: Shawn McKinney
>             Fix For: 2.0.1
>
>
> Fortress supports two way user-role assignments.  That is the role attribute is stored
on user object, and the user membership is on the Role object.  The latter is to be compatible
with non-rbac implementations that use traditional group membership lookups for access control.
 
> The problem is when group have large numbers of users, i.e. 10’s of thousands, performance
degrades on the edits of those objects.
> Strictly speaking fortress doesn’t need to associate user membership with roles, for
its RBAC controls.
> add a option to disable, with config switch:
> role.occupants = false <— disable role-to-user mapping
> role.occupants = true <— enable role-to-user mapping



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message