Skip to Content.
Sympa Menu

grouper-dev - RE: [grouper-dev] CIFER API for authz

Subject: Grouper Developers Forum

List archive

RE: [grouper-dev] CIFER API for authz

Chronological Thread 
  • From: Chris Hyzer <>
  • To: Jim Fox <>, Grouper Dev <>
  • Subject: RE: [grouper-dev] CIFER API for authz
  • Date: Mon, 9 Dec 2013 23:35:45 +0000
  • Accept-language: en-US

In grouper a role is always a group, but a group is not always a role... I
wanted a group to be a role, just assign permissions to it when you want to,
or assign role inheritance, but I think other people wants some distinction
there. In Grouper's implementation we implement roles as groups, but not
everyone does I guess... (kuali, aws iam?)

Sure, lets make some REST resources for permissions. For assigning
permissions, it needs to be to a role or individual (and in Grouper, it is in
the context of a role... i.e. the user must be assigned the role to be able
to have individual assignments to it).


-----Original Message-----

On Behalf Of Jim Fox
Sent: Monday, December 09, 2013 6:03 PM
To: Grouper Dev
Subject: [grouper-dev] CIFER API for authz

We may have an application at Udub for grouper's permissions
capabilities. It needs to be through a REST API though. Can we
make some progress on that? At least in the definition of resources?

While we're at it: Why the distinction between group and role? Isn't a
role just a group with some particular attributes? When is a role
not a group?

Something like these?

1) permission definition

2) permission assignment (attribute definition on a group)

3) limit something

4) some way to GET a test of authorization


Archive powered by MHonArc 2.6.16.

Top of Page