-
Notifications
You must be signed in to change notification settings - Fork 540
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Role based user provisioning improvements #5915
base: master
Are you sure you want to change the base?
Role based user provisioning improvements #5915
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #5915 +/- ##
=========================================
Coverage ? 21.05%
Complexity ? 5626
=========================================
Files ? 1562
Lines ? 99299
Branches ? 15202
=========================================
Hits ? 20904
Misses ? 75374
Partials ? 3021 ☔ View full report in Codecov by Sentry. |
PR builder started |
PR builder completed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/10713577446
|
||
RoleBasicInfo roleBasicInfo = ProvisioningServiceDataHolder.getInstance().getRoleManagementService() | ||
.getRoleBasicInfoById(roleId,tenantDomain); | ||
// Only organization audience roles are supported for role based outbound provisioning |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this be backwards compatible?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Before IS 7.0 all the roles are organization audience roles. Hence previous roles and new roles created with organization audience role can be used for role base outbound provisioning.
The new type of role which is application audience roles came with IS 7.0. How to handle the role based provisioning for those types of roles should be analyzed due to below concerns.
- Role name are not unique hence we have to register role uuid or role prefixed with its corresponding app name
- As outbound provisioning is organization wide config by default (we can configure app wise also), the use cases of having application roles for role based outbound provisioning required to be analyzed.
Due to above concerns, outbound provisioning for application audience is not given at first phase.
Hope the explanation is clear enough, please raise if there any concerns. Here backward compatibility is preserved as here the application roles means not the Application/<role-name>
role type had in previous IS versions.
Proposed changes in this pull request
$subject
Related Issues