Grouper Developers Forum

[Mirko Tasler <>]

> Use case: I want all subgroups in a folder to have a READer of group
> a:b:c without having to remember to add it to each group.
>
> Proposed solution: Stem attribute where you can set the privileges
> and groups which should have those privileges on subobjects.  Then
> some hooks would make it happen.
[...]
> Thoughts? Thanks, Chris
>
> Ps. Note, Im not sure we have hooks on the new attribute framework
> yet, so this might be a 1.6.1 thing...  :)

I was working on something similar in the past, but didn't finish it yet.

We wanted to solve exactly the same use case, however my plan was to
create a Group type (let's call it "ancestorGroup") with one or multiple
other groups as attributes. Every attributed-group here would then
receive certain privileges for groups and stems below the
ancestorGroup's parent stem on creation/update by a hook. Same goes for
ancestorGroup type removal, a hook could then remove all privileges too.

However, this was horribly slow on some tests...

--
Mirko Tasler              | FU Directory and Identity Service (FUDIS)

 | Identity & Customer Management
                          | ZEDAT Freie Universität Berlin