directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn McKinney <smckin...@apache.org>
Subject Re: Access Manager Role Filtering
Date Sun, 09 Oct 2016 15:07:52 GMT

> On Oct 9, 2016, at 9:49 AM, Shawn McKinney <smckinney@apache.org> wrote:
> 
> Now let’s consider the object identity, which can be associated with the permobj. 
What would then happen when we have multiple perm ous associated with the children - how can
they all have the same object identity?

Correction - object id is stored on the permission operation entity and is actually part of
the dn,

e.g.

ftObjId=001+ftOpNm=Read,ftObjNm=Customer,ou=Permissions,ou=RBAC,dc=example,dc=com
ou = App123

ftObjId=002+ftOpNm=Update,ftObjNm=Customer,ou=Permissions,ou=RBAC,dc=example,dc=com
ou = App456

ftObjId=003+ftOpNm=Update,ftObjNm=Customer,ou=Permissions,ou=RBAC,dc=example,dc=com
ou = App789
Mime
View raw message