directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn McKinney <>
Subject Re: All or Anonymous User Roles
Date Thu, 10 Dec 2015 20:40:05 GMT

> On Dec 10, 2015, at 12:28 PM, Shawn McKinney <> wrote:
> Of course this doesn’t solve the provisioning use case we discussed earlier, i.e. assigning
one or the other role.  But wait, maybe it does… could we always assign both and then just
activate one or the other?  Thinking…. 

Here’s an idea:

We create a new role validation constraint that activates/deactivates a role based on whether
the session is bound.  That way we assign both roles: AuthUser and AnonUser.  AuthUser activates
iff isAuthenticated=true.  AnonUser activates iff isAuthenticated=false.  

You can then have permissions granted to these roles as needed.



View raw message