Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tip
titleObject collections feature

This configuration is just a very simple way how to configure object collections feature. The object collections feature is a planned feature that will enable grouping objects in an arbitrary way and then reuse the groupings in role catalog, menu, dashboards and so on. This feature currently waits for a sponsor (

JIRA
serverEvolveum Jira
serverId701b45f2-090c-3276-8ac9-f45eedf731bc
keyMID-3517
). If you are interested in sponsoring this feature please contact Evolveum.

Selection Multiplicity

TODO

Assignment Constraints

Assignment constraints are often used to constraint role assignment multiplicity, e.g. whether it is possible to request the same role several times. Default assignment constraints are specified in system configuration object. These constraints are applied globally to the entire system. The constraint is composed from two boolean flags:

  • allowSameTarget: Constraint all assignments that have the same target. I.e. multiple assignments of the same (abstract) role. If allowSameTarget=true then multiple assignments of the same role are allowed. If allowSameTarget=false then multiple assignments of the same role are prohibited (but see also below).
  • allowSameRelation: Constraint all assignments that have the same relation. E.g. if allowSameTarget=true and allowSameRelation=false then multiple assignments of the same role are allowed as long as they have different relation.

The constraints can be used to enforce single-assignment role policy like this:

Code Block
languagexml
<systemConfiguration>
    ...
    <roleManagement>
        <defaultAssignmentConstraints>
            <allowSameTarget>false</allowSameTarget>
            <allowSameRelation>false</allowSameRelation>
        </defaultAssignmentConstraints>
    </roleManagement>
   ...
</systemConfiguration>

See Also