Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] built-in attribute/hook for folder level security

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] built-in attribute/hook for folder level security

Chronological Thread 
  • From: Mirko Tasler <>
  • To: Chris Hyzer <>
  • Cc: Grouper Dev <>
  • Subject: Re: [grouper-dev] built-in attribute/hook for folder level security
  • Date: Wed, 26 May 2010 10:35:39 +0200

> Use case: I want all subgroups in a folder to have a READer of group
> a:b:c without having to remember to add it to each group.
> Proposed solution: Stem attribute where you can set the privileges
> and groups which should have those privileges on subobjects. Then
> some hooks would make it happen.
> Thoughts? Thanks, Chris
> Ps. Note, Im not sure we have hooks on the new attribute framework
> yet, so this might be a 1.6.1 thing... :)

I was working on something similar in the past, but didn't finish it yet.

We wanted to solve exactly the same use case, however my plan was to
create a Group type (let's call it "ancestorGroup") with one or multiple
other groups as attributes. Every attributed-group here would then
receive certain privileges for groups and stems below the
ancestorGroup's parent stem on creation/update by a hook. Same goes for
ancestorGroup type removal, a hook could then remove all privileges too.

However, this was horribly slow on some tests...

Mirko Tasler | FU Directory and Identity Service (FUDIS)

| Identity & Customer Management
| ZEDAT Freie Universit├Ąt Berlin

Archive powered by MHonArc 2.6.16.

Top of Page