Details

    • Type: Story
    • Status: Resolved (View workflow)
    • Priority: High
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 8.6.0.0
    • Component/s: None
    • Labels:
    • Epic Link:
    • Sprint:
      Sprint 142, Sprint 143
    • Story Points:
      3
    • Capitalizable:
      True

      Description

      As Identity I want Repose to apply RCN level roles so that we can connect multiple domains to a single RCN.

      (part of account management, seamless experience, Identity release 3.12 early July, Our target date is to release in June for Identity to consume and test with.

      Single domain —> admin user, domain, tenants and roles are all on single level. Seamless wants to connect multiple domains to a single RCN. Domain level roles are not associated with a tenant. Tenant level actions will be at the tenant level. The problem is, with RCN level roles, say the user is in domain A, then changes to domain B, (non-tenanted?) roles in domain B need to not bleed over to domain A.

      Our calls to identity will have an ?apply_rcn_roles (query parameter) so that validate calls, endpoint calls, and groups calls with this parameter will make sure every (non-tenanted?) role is associated with every tenant on domain B.

      People who want it add a query parameter to their requests.

      Put in another way:

      Domain is a collection of users. There is an admin for each domain that can create users.
      There's a concept of "RCN" that will combine Domains together. There are users that have access that spans domains but still belong to a specific domain. The issue is that when you look at "role1" (non-tenanted role) for one domain, it should not apply to any other domain.

      Tenant IDs are not unique across domains.

      Acceptance Criteria:

      • Need to support turning this on or off, default is off
      • Flag is sent on Identity calls asking for RCN level roles
        • Flag is the existence of the query parameter
      • All keystone logic applies to the role (keystone v2v2)
      • Keystone v3 filter will be updated at some point in the future.

        Attachments

          Activity

            People

            • Assignee:
              wdschei Bill Scheidegger
              Reporter:
              kari.davis Kari Davis
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: