Subject: Grouper Developers Forum
Re: [grouper-dev] built-in attribute/hook for folder level security
- From: Mirko Tasler <>
- To: Chris Hyzer <>
- Cc: Grouper Dev <>
- Subject: Re: [grouper-dev] built-in attribute/hook for folder level security
- Date: Wed, 26 May 2010 10:35:39 +0200
> Use case: I want all subgroups in a folder to have a READer of group
> a:b:c without having to remember to add it to each group.
> Proposed solution: Stem attribute where you can set the privileges
> and groups which should have those privileges on subobjects. Then
> some hooks would make it happen.
> Thoughts? Thanks, Chris
> Ps. Note, Im not sure we have hooks on the new attribute framework
> yet, so this might be a 1.6.1 thing... :)
I was working on something similar in the past, but didn't finish it yet.
We wanted to solve exactly the same use case, however my plan was to
create a Group type (let's call it "ancestorGroup") with one or multiple
other groups as attributes. Every attributed-group here would then
receive certain privileges for groups and stems below the
ancestorGroup's parent stem on creation/update by a hook. Same goes for
ancestorGroup type removal, a hook could then remove all privileges too.
However, this was horribly slow on some tests...
Mirko Tasler | FU Directory and Identity Service (FUDIS)
| Identity & Customer Management
| ZEDAT Freie Universität Berlin
- built-in attribute/hook for folder level security, Chris Hyzer, 05/20/2010
- Re: [grouper-dev] built-in attribute/hook for folder level security, Mirko Tasler, 05/26/2010
Archive powered by MHonArc 2.6.16.