Changes between Version 19 and Version 20 of S3/S3AAA/OrgAuth


Ignore:
Timestamp:
09/04/12 09:45:58 (12 years ago)
Author:
Dominic König
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • S3/S3AAA/OrgAuth

    v19 v20  
    1313In an organizational structure, a person entity can be a sub-unit ('''organization unit''', OU) of another person entity. E.g. an office can be a sub-unit of an organisation, or a person a sub-unit of a team.
    1414
    15 === Roles and Realms ===
     15=== Realms ===
    1616
    17 The realm of a person entity is the set of all records controlled ("owned") by this entity (="their data"). Which entity gains control over a record can be defined per record type, and even as deployment options. The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the owned_by_entity field in this record.
     17The '''realm''' of a person entity is the set of all records controlled ("owned") by this entity (="their data"). Which entity gains control over a record can be defined per record type, and even as deployment options. The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the owned_by_entity field in this record.
     18
     19=== Role Restrictions ===
    1820
    1921In all !OrgAuth policies, a role assignment for a user (and thus all the permissions the user receives out of this role) can be restricted to a particular realm.
    20 
    2122=== Realm Hierarchy ===
    2223