Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] Grouper design call, Wednesday, 18 May 2005, 1200EDT (1600Z), 60 minutes

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] Grouper design call, Wednesday, 18 May 2005, 1200EDT (1600Z), 60 minutes

Chronological Thread 
  • From: Tom Barton <>
  • To: "GW Brown, Information Systems and Computing" <>
  • Cc:
  • Subject: Re: [grouper-dev] Grouper design call, Wednesday, 18 May 2005, 1200EDT (1600Z), 60 minutes
  • Date: Thu, 26 May 2005 08:58:08 -0500

GW Brown, Information Systems and Computing wrote:
2)Similarly, a GrouperList.firstInChain method would allow me to
indicate in the UI which immediate membership of the current group
caused an effective membership.

_GrouperList.via()_ provides the first group in the via chain.

Confusion over direction! I was working from the 'working' group to the immediate membership ultimately responsible for the effective membership i.e. if groupA has groupB as a member has groupC as a member has subject Z as a member I was interested in groupB->groupC

Algorithmically, it is more efficient to start with a subject and determine all of its effective memberships than to start with a group and recursively determine its effective members. The API manages effective membership using the former approach. To best leverage what's already there, perhaps what is needed is a method that takes the set of all "upward" membership chains starting from a subject and prunes that set to retain only those chains that terminate on a specified group. That depicts the set of "reasons" why the subject has the effective membership (or priv).

Should such a method be in the UI or API?

e.g. can you revoke a privilege for an individual when it was granted to
a group?

You should not be able to. If you can it is a bug. You need to remove
the individual from the group that they are an immediate member of to
revoke the privilege.

I wasn't suggesting that this happened - just that anyone using the UI would in effect try to do this. I think we need to make it clear, in the UI, how a subject came to have a privilege/membership - atleast as a prerequisite to modifying privileges/memberships. It is impossible to know what to expect otherwise.

See above.


Archive powered by MHonArc 2.6.16.

Top of Page