How can I group the permissions using PicketLink[1] in such a way that I can assign one or more specific Groups of permissions to a Role?
Thanks in advance.
Have you read the official documentation before asking? If yes, showing us your efforts would make it easier to help you. If not, please take a look at this.
I'm asking you this for a reason: I think you've misunderstood the concepts of Group, Role and Permission.
A Group is used to manage collections of identity types. For instance, Alice and Bob could be User identities which are members of the "employees" group.
The Role is used in various relationship types to designate authority to another identity type to perform various operations within an application. For example, Trent could be a User identity with the role of "moderator".
Permissions can be assigned to User, Groups and Roles. It's up to you to choose in which way(s) to manage permissions in your application.
Access control can be based on Groups ("only employees can use this method"), Roles ("only moderators can delete posts") or even Users ("I am the only one who can eat bacon here!"). This can be done with the use of the Permission API, as explained in the documentation linked above.
Trust me, I know it may not be so simple at first - but please make an effort; then feel free to ask anything :)
Let us know!
As you said, PicketLink's Permission API only lets you assign one permission at a time. Anyways, note that even if you have to grant one permission at a time, this doesn't mean you can't grant multiple permissions to an instance:
permissionManager.grantPermission(adminRole, resource, myPermissions.CREATE);
permissionManager.grantPermission(adminRole, resource, myPermissions.DELETE);
permissionManager.grantPermission(adminRole, resource, myPermissions.UPDATE);
grants 3 permissions to every user that has adminRole and needs to invoke resource.
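Added example, not part of the original thread and not PicketLink code: one way to get named "groups of permissions" on top of one-grant-per-call is to resolve the group names to a set of operations first and then loop. The `Granter` interface is a stand-in for the three-argument `grantPermission` call shown above, and the group names, the `READ` operation and the string role/resource values are constructed for illustration.

```java
import java.util.*;

public class PermissionGroups {
    /** Stand-in for the three-argument grantPermission call shown above (assumption, not the PicketLink type). */
    interface Granter { void grantPermission(Object assignee, Object resource, String operation); }

    // Hypothetical named groups of operations; names and contents are constructed for this example.
    static final Map<String, Set<String>> GROUPS = Map.of(
        "CONTENT_READ",  Set.of("READ"),
        "CONTENT_WRITE", Set.of("CREATE", "UPDATE"),
        "CONTENT_ADMIN", Set.of("CREATE", "UPDATE", "DELETE"));

    /** Resolves group names to a de-duplicated, sorted set of operations; unknown names fail closed. */
    static SortedSet<String> resolve(Collection<String> groupNames) {
        SortedSet<String> ops = new TreeSet<>();
        for (String name : groupNames) {
            Set<String> group = GROUPS.get(name);
            if (group == null) {
                throw new IllegalArgumentException("Unknown permission group: " + name);
            }
            ops.addAll(group);
        }
        return ops;
    }

    /** Grants every operation of the given groups, one call per operation, and returns what was granted. */
    static SortedSet<String> grantGroups(Granter pm, Object role, Object resource, String... groupNames) {
        // Resolve everything before the first grant so a misspelled group name grants nothing.
        SortedSet<String> ops = resolve(Arrays.asList(groupNames));
        for (String op : ops) {
            pm.grantPermission(role, resource, op);
        }
        return ops;
    }

    public static void main(String[] args) {
        // A recording Granter keeps an audit trail of each individual grant.
        List<String> audit = new ArrayList<>();
        Granter recording = (assignee, resource, op) -> audit.add(assignee + " -> " + op + " on " + resource);
        // Overlapping groups: CREATE and UPDATE appear in both but are granted once each.
        grantGroups(recording, "adminRole", "resource", "CONTENT_WRITE", "CONTENT_ADMIN");
        audit.forEach(System.out::println);
    }
}
```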