Skip to Content.
Sympa Menu

grouper-dev - RE: [grouper-dev] some attribute framework discussion topics

Subject: Grouper Developers Forum

List archive

RE: [grouper-dev] some attribute framework discussion topics


Chronological Thread 
  • From: Chris Hyzer <>
  • To: Tom Barton <>
  • Cc: Grouper Dev <>
  • Subject: RE: [grouper-dev] some attribute framework discussion topics
  • Date: Thu, 8 Apr 2010 16:51:16 -0400
  • Accept-language: en-US
  • Acceptlanguage: en-US

Tom and I discussed, and I believe what he is going for is to make READ and
UPDATE on attributes be public, which you can do with these settings in the
grouper.properties (I added this to the attribute framework wiki):

* To make attributes easier to use, you can set these settings in the
grouper.properties to make attributes "public". This means that if you have
the appropriate security on the underlying object, you can add / edit /
delete attributes from the object

attributeDefs.create.grant.all.attrRead = true|false
attributeDefs.create.grant.all.attrUpdate = true|false


Regards,
Chris

-----Original Message-----
From: Chris Hyzer
Sent: Monday, April 05, 2010 12:28 PM
To: 'Tom Barton'
Cc: Grouper Dev
Subject: RE: [grouper-dev] some attribute framework discussion topics

The UPDATE privilege on the attributeDef means you can assign it (well, you
might need more, but at least that). If you think we only need READ, then
you and I need to discuss on the phone so we can get on the same page.


> The analog for a stem of ADMIN for a group is STEM. Like my rationale
> for groups, for the time being perhaps just let those with STEM who can
> READ an attribute assign it to the stem.

Per our discussion on the dev call with Shilen, any stem STEMMER or CREATOR
can assign an attribute (they can UPDATE)

>
> > Members
> >
> > - read attribute
> > - read attribute
> >
> > - assign attribute
> > - wheel or root? and update attribute
>
> Wheel sounds right, at least for now. I don't see the need for UPDATE on
> the attribute here.

I think we need a group for this that you specify in grouper.properties (or
wheel)... lets see if I get to it. Someone will want to use member
attributes who is not wheel...

> > - assign the attribute
> > - update the underlying assignment? (follow the above rules), and
> > update the attribute
>
> Is "this assignment expires next Wednesday" an example of an assignment
> on an attribute assignment? What's a better example, to help guide our
> thinking about this?

Yeah, or, e.g. for a permission you assign to a person in a role (membership
attribute), but you want to say that permission is only for a certain time of
day, from a certain ip range, on certain slices of the data, etc.

Anyways, this needs to get resolved at latest by the end of the next dev
meeting. If you want to discuss earlier, send me your available so we can
talk on the phone.

Thanks,
Chris



Archive powered by MHonArc 2.6.16.

Top of Page