Grouper Developers Forum

[Jim Fox <>]

> In grouper a role is always a group, but a group is not always a role...  I 
> wanted a group to be a role, just assign permissions to it when you want 
> to, or assign role inheritance, but I think other people wants some 
> distinction there.

Who?


>  In Grouper's implementation we implement roles as groups, but not everyone 
> does I guess... (kuali, aws iam?)
> 
> Sure, lets make some REST resources for permissions.  For assigning 
> permissions, it needs to be to a role or individual (and in Grouper, it is 
> in the context of a role... i.e. the user must be assigned the role to be 
> able to have individual assignments to it).
> 
> Thanks,
> Chris
> 
> -----Original Message-----
> From: 
> 
>  
> [mailto:]
>  On Behalf Of Jim Fox
> Sent: Monday, December 09, 2013 6:03 PM
> To: Grouper Dev
> Subject: [grouper-dev] CIFER API for authz
> 
> 
> 
> We may have an application at Udub for grouper's permissions
> capabilities.  It needs to be through a REST API though.  Can we
> make some progress on that?  At least in the definition of resources?
> 
> While we're at it: Why the distinction between group and role?  Isn't a
> role just a group with some particular attributes?  When is a role
> not a group?
> 
> 
> Something like these?
> 
> 1) permission definition
> 
> 2) permission assignment (attribute definition on a group)
> 
> 3) limit something
> 
> 4) some way to GET a test of authorization
> 
> 
> Jim