Grouper Developers Forum

[Chris Hyzer <>]

In grouper a role is always a group, but a group is not always a role...  I 
wanted a group to be a role, just assign permissions to it when you want to, 
or assign role inheritance, but I think other people wants some distinction 
there.  In Grouper's implementation we implement roles as groups, but not 
everyone does I guess... (kuali, aws iam?)

Sure, lets make some REST resources for permissions.  For assigning 
permissions, it needs to be to a role or individual (and in Grouper, it is in 
the context of a role... i.e. the user must be assigned the role to be able 
to have individual assignments to it).

Thanks,
Chris

-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of Jim Fox
Sent: Monday, December 09, 2013 6:03 PM
To: Grouper Dev
Subject: [grouper-dev] CIFER API for authz



We may have an application at Udub for grouper's permissions
capabilities.  It needs to be through a REST API though.  Can we
make some progress on that?  At least in the definition of resources?

While we're at it: Why the distinction between group and role?  Isn't a
role just a group with some particular attributes?  When is a role
not a group?


Something like these?

1) permission definition

2) permission assignment (attribute definition on a group)

3) limit something

4) some way to GET a test of authorization


Jim