Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] changelog implementation sketch

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] changelog implementation sketch

Chronological Thread 
  • From: "Tom Zeller" <>
  • To: "Tom Barton" <>
  • Cc: "GW Brown, Information Systems and Computing" <>, "Grouper Dev" <>
  • Subject: Re: [grouper-dev] changelog implementation sketch
  • Date: Fri, 6 Jun 2008 13:34:36 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:references:x-google-sender-auth; b=OuytkjV89+MDYvp7bkz/68XsYTWuywCy9xvY5YhECXrKgCj1s/5nVLFAwQVdzNOlR5 QV/JVw3VmtRhdJ3njvwvLD9+lbPEU6/Pf85vAw7wHBUDNEgz5Td8dtFaIhhwIeiJTXka BVs/MIhX6oP1wUvRAqpr4Bfn6hzkGwtZy1TCE=

On Fri, Jun 6, 2008 at 9:27 AM, Tom Barton <> wrote:
Tom Zeller wrote:
       8) We should also audit/notify when a Member's subject id is changed

       I've worked out an example for this.

   Interesting. Strictly speaking we don't remove/add members where we
   change subject id, on the other hand consumers of the affected
   groups would probably want to 'know' about such changes. Possibly we
   could indicate the member_uuid as well as the subject identifiers
   without implying and add/remove?

 Ah, right, membership persists when subject ids change as far as grouper is concerned. Perhaps consumers would just have to know whether or not to ignore consequent membership changes in the same change as a subjectId modification.

I think a change to a subjectId is needed for audit, but should be transparent to notification. Only grouper needs to know about such a change - presumably if the change has impact in other parts of a site's IAM operation, they'll make corresponding updates using tools other than their group management system.

This makes me think about how transactions are bundled and assigned change numbers. A "change subjectId" action probably shouldn't be bundled into a transaction that also impacts groups, stems, or memberships. Is that how it works now?

Well, "change subjectid" actions were bundled when I thought that changing a member's subjectId should include auditing effective group membership changes, but I see now that those group membership changes shouldn't be audited after all. So, changing a subjectId looks like an atomic (stand alone, unbundled) change. phew.

Changes to grouper metadata also fall into the same category.

Maybe a "transparent change" boolean column is needed in the audit table, to let notifiers skip transparent changes?

With the current set of re-worked examples, it looks like the only changes of interest to consumers for notification are those of the 'group' object_type. If the changed object_type is 'stem' or 'type' or 'subject', then consumers can ignore those changes, but they are audited. So I'm leaving the "transparent change" column out for now, unless other convincing occurs.

Archive powered by MHonArc 2.6.16.

Top of Page