• Type: Story
    • Status: Resolved
    • Priority: High
    • Resolution: Done
    • Affects versions: None
    • Components: None
    • Sprint:
      Sprint 142, Sprint 143


      As Identity I want Repose to apply RCN level roles so that we can connect multiple domains to a single RCN.

      (Part of account management, seamless experience, Identity release 3.12 early July. Our target date is to release in June for Identity to consume and test with.)

      Single domain -> admin user, domain, tenants and roles are all on a single level. Seamless wants to connect multiple domains to a single RCN. Domain level roles are not associated with a tenant. Tenant level actions will be at the tenant level. The problem is that, with RCN level roles, if the user is in domain A and then changes to domain B, the (non-tenanted?) roles in domain B must not bleed over to domain A.

      Our calls to Identity will have an ?apply_rcn_roles query parameter, so that validate calls, endpoint calls, and groups calls with this parameter will make sure every (non-tenanted?) role is associated with every tenant on domain B.

      People who want it add a query parameter to their requests.

      Put another way:

      Domain is a collection of users. There is an admin for each domain that can create users.
      There's a concept of "RCN" that will combine Domains together. There are users that have access that spans domains but still belong to a specific domain. The issue is that when you look at "role1" (non-tenanted role) for one domain, it should not apply to any other domain.

      Tenant IDs are not unique across domains.

      Acceptance Criteria:

      • Need to support turning this on or off, default is off
      • Flag is sent on Identity calls asking for RCN level roles
        • Flag is the existence of the query parameter
      • All Keystone logic applies to the role (Keystone v2)
      • Keystone v3 filter will be updated at some point in the future.




            • Assignee:
              wdschei Bill Scheidegger
              kari.davis Kari Davis