Class: Scimitar::Schema::Rbac::Role
- Inherits:
-
Base
- Object
- Base
- Scimitar::Schema::Rbac::Role
- Defined in:
- lib/scimitar/rbac/schema/role.rb
Overview
SCIM schema for the Role resource as defined in the RBAC profile for SCIM (Baumer et al., 2023).
Roles are the central RBAC entity, serving as an intermediate between Users and Entitlements (permissions). The schema supports:
-
Core RBAC: User <-> Role <-> Entitlement assignments
-
Hierarchical RBAC: Role hierarchies via parentRoles/childRoles
-
Constrained RBAC: Cardinality constraints on assignments
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(options = {}) ⇒ Role
constructor
A new instance of Role.
Constructor Details
#initialize(options = {}) ⇒ Role
Returns a new instance of Role.
16 17 18 19 20 21 22 23 |
# File 'lib/scimitar/rbac/schema/role.rb', line 16 def initialize( = {}) super( name: "Role", id: self.class.id, description: "Represents an RBAC Role — an intermediate entity between Users and Entitlements (permissions).", scim_attributes: self.class.scim_attributes ) end |
Class Method Details
.id ⇒ Object
25 26 27 |
# File 'lib/scimitar/rbac/schema/role.rb', line 25 def self.id "urn:ietf:params:scim:schemas:extension:rbac:2.0:Role" end |
.scim_attributes ⇒ Object
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
# File 'lib/scimitar/rbac/schema/role.rb', line 29 def self.scim_attributes @scim_attributes ||= [ Scimitar::Schema::Attribute.new(name: "displayName", type: "string", required: true), Scimitar::Schema::Attribute.new(name: "type", type: "string"), Scimitar::Schema::Attribute.new(name: "description", type: "string"), Scimitar::Schema::Attribute.new(name: "entitlements", multiValued: true, complexType: Scimitar::ComplexTypes::Rbac::EntitlementAssignment), Scimitar::Schema::Attribute.new(name: "parentRoles", multiValued: true, complexType: Scimitar::ComplexTypes::Rbac::HierarchyMember), Scimitar::Schema::Attribute.new(name: "childRoles", multiValued: true, complexType: Scimitar::ComplexTypes::Rbac::HierarchyMember, mutability: "readOnly"), Scimitar::Schema::Attribute.new(name: "limitedAssignmentsPermitted", type: "integer"), Scimitar::Schema::Attribute.new(name: "totalAssignmentsPermitted", type: "integer"), Scimitar::Schema::Attribute.new(name: "totalAssignmentsUsed", type: "integer", mutability: "readOnly"), ] end |