[CWD-1999] Deprecate the current concept of Roles in Crowd

Type: Suggestion
Resolution: Fixed
Fix Version/s: 2.1
Component/s: Backend / Domain Model , Directory - Internal/Delegated, Directory - LDAP, SOAP
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Currently, roles in Crowd are just another container for users - just like groups.

In fact, in Crowd 2.0, roles were migrated to be implemented as groups, with a "LEGACY_ROLE" group type.

We should officially deprecate roles as they do not offer anything more than groups do, and contribute to confusion both within the code and to end users.

This will mean deprecating:

role queries on the SOAP API
the "LEGACY_ROLE" group type
deprecating roles in the UI or putting some notice in the UI to state that roles should not be used, use groups instead

shihab added a comment - 30/Nov/2010 2:19 AM

We have deprecated the use of roles in the docs, we will remove them entirely later.

shihab added a comment - 30/Nov/2010 2:19 AM We have deprecated the use of roles in the docs, we will remove them entirely later.

shihab added a comment - 11/Nov/2010 11:00 PM

Hi Steffen,

Deprecating the current concept of roles in Crowd is a first step in removing the confusion surrounding groups and roles.

The problem with groups and roles in the current implementation, and since Crowd's inception, was that groups and roles offered no functional difference. A role was just another name for a group.

We would like to leave these issues open:

~~CWD-57~~: this is a feature to allow delegated administration in Crowd. It's not on the short term roadmap, but the reason for keeping this issue there is so that we can track the feature and so that Crowd users can weigh in their comments on what specific requirements they have for the feature / vote on the feature.
~~CWD-931~~: this is a more generic issue to allow Crowd users to help define what roles should mean in Crowd.

Cheers,

-Shihab

shihab added a comment - 11/Nov/2010 11:00 PM Hi Steffen, Deprecating the current concept of roles in Crowd is a first step in removing the confusion surrounding groups and roles. The problem with groups and roles in the current implementation, and since Crowd's inception, was that groups and roles offered no functional difference. A role was just another name for a group. We would like to leave these issues open: CWD-57 : this is a feature to allow delegated administration in Crowd. It's not on the short term roadmap, but the reason for keeping this issue there is so that we can track the feature and so that Crowd users can weigh in their comments on what specific requirements they have for the feature / vote on the feature. CWD-931 : this is a more generic issue to allow Crowd users to help define what roles should mean in Crowd. Cheers, -Shihab

Steffen Opel added a comment - 11/Nov/2010 6:22 PM

Discovering this issue by chance has been a bit or a surprise to me, given that I've recently studied ~~CWD-931~~ out of the need to configure a respective JIRA project roles alike permission scheme across all Atlassian tools in use by us. We are extremely happy with the SSO capabilities provided by Crowd in general (except for the one missing SSO piece: ~~CWD-1440~~, am looking forward to 2.1! and having a role concept available as discussed and agreed by most commenters on ~~CWD-931~~ is the one important thing missing in comparison to solutions available and in use elsewhere (e.g. your very own JIRA).

Now, I can understand that implementing roles properly might be difficult and/or not of high priority (despite the comparatively many votes), but shouldn't you at least close ~~CWD-931~~ then (and likely ~~CWD-57~~ as well, which is blocked in turn) to save your customers from spending time on topics which (apparently) won't get fixed anymore? Or does the issue at hand not affect ~~CWD-931~~ in principle, rather only really addresses the current concept of Roles and the respective duplication with groups (which is indeed superfluous and confusing)?

Thanks much,
Steffen Opel

Steffen Opel added a comment - 11/Nov/2010 6:22 PM Discovering this issue by chance has been a bit or a surprise to me, given that I've recently studied CWD-931 out of the need to configure a respective JIRA project roles alike permission scheme across all Atlassian tools in use by us. We are extremely happy with the SSO capabilities provided by Crowd in general (except for the one missing SSO piece: CWD-1440 , am looking forward to 2.1! and having a role concept available as discussed and agreed by most commenters on CWD-931 is the one important thing missing in comparison to solutions available and in use elsewhere (e.g. your very own JIRA). Now, I can understand that implementing roles properly might be difficult and/or not of high priority (despite the comparatively many votes), but shouldn't you at least close CWD-931 then (and likely CWD-57 as well, which is blocked in turn) to save your customers from spending time on topics which (apparently) won't get fixed anymore? Or does the issue at hand not affect CWD-931 in principle, rather only really addresses the current concept of Roles and the respective duplication with groups (which is indeed superfluous and confusing)? Thanks much, Steffen Opel

Crowd Data Center

Details

Description

Attachments

Forms

Activity

Collapse comment: shihab added a comment - 30/Nov/2010 2:19 AM

Expand comment: shihab added a comment - 30/Nov/2010 2:19 AM

Collapse comment: shihab added a comment - 11/Nov/2010 11:00 PM

Expand comment: shihab added a comment - 11/Nov/2010 11:00 PM

Collapse comment: Steffen Opel added a comment - 11/Nov/2010 6:22 PM

Expand comment: Steffen Opel added a comment - 11/Nov/2010 6:22 PM

People

Dates