Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add user attributes to policy conditions #1645

Closed
cornelinux opened this issue May 23, 2019 · 3 comments

Comments

Projects
None yet
2 participants
@cornelinux
Copy link
Member

commented May 23, 2019

Policies should not only match for realms, resolvers and usernames but also for arbitrary user attributes.

This way attributes can be dynamically read from the user source (like attributes from LDAP, group memberships...) and be used for matching policies.

@cornelinux

This comment has been minimized.

Copy link
Member Author

commented May 23, 2019

oups, this was already defined in #1436

@cornelinux

This comment has been minimized.

Copy link
Member Author

commented Jun 8, 2019

  • We already pass the user information (user object) to the policy handling in get_policies and get_action_values
    This is why we do not need to pass anything in addtion. The policy handling can determine the user object and determine it's attributes.

  • We need to add a database field or whatever for the user_attributes. As the policy might match for several different user attributes at the same time, we need to be able to attach several attributes. to a policy. (Obviously we need a condition table).

@fredreichbier

This comment has been minimized.

Copy link
Member

commented Jun 12, 2019

Closing this because it's a duplicate of #1436.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.