grouper-dev - [grouper-dev] RE: Feature Request/Inquiry

Subject: Grouper Developers Forum

List archive

[grouper-dev] RE: Feature Request/Inquiry

From: Chris Hyzer <>
To: Pregash J Devasagayam <>, "" <>
Subject: [grouper-dev] RE: Feature Request/Inquiry
Date: Wed, 11 Feb 2015 21:15:05 +0000
Accept-language: en-US

The include/exclude is just a hook in grouper, though it does have a lot of logic to see which groups exist to reuse them etc.

Most of the times at Penn when we need this we only need includes and a system of record group. If you trust the manager, you only really need two groups (and I guess a manager group).

Also, you should give Read and Update to managers

Group Name	Permissions
Group-A (has system of record as member, plus ad hoc members)	Group-A_Manage > Update / Read
Group-A_SystemOfRecord	Group-A_Manage > Update / Read
Group-A_Manage	Group-A_Manage > Update / Read

If you don’t trust the manager to not remove the system of record (not sure this is needed, who knows) you could have another group:

Group Name	Permissions
Group-A (has system of record as member, plus ad hoc members)	Group-A_Manage > Read
Group-A_SystemOfRecord	Group-A_Manage > Update / Read
Group-A_Includes	Group-A_Manage > Update / Read
Group-A_Manage	Group-A_Manage > Update / Read

Do either of those appeal to you? Or you want excludes too? Let me know which way you want to go, and which version of grouper and I can look at another hook for it…

Thanks,

Chris

From: [mailto:] On Behalf Of Pregash J Devasagayam
Sent: Wednesday, February 11, 2015 1:02 PM
To:
Subject: [grouper-dev] Feature Request/Inquiry

Hi All,

We have a specific use case, which we want to see if other universities have addressed. We are using grouper to manage Office 365/Exchange Distribution Lists, and our end users will manage their lists through the new UI. These groups are created by our messaging team and then will be passed on to the end user. They are created with the include/exclude model, and we want to have another group type option which would also create a "manage" or "updater" group. This group would also be given updater privileges to the include, exclude, sor and itself. We are looking to develop this model here at CU but I wanted to throw this scenario to the list to see if we could get this as a built in option much like the include/exclude option or if there is a better way to address this.

Group Name	Permissions
Group-A	Default
Group-A_Includes	Group-A_Manage > Update
Group-A_Excludes	Group-A_Manage > Update
Group-A_SystemOfRecord	Group-A_Manage > Updat
Group-A_SystemOfRecordAndIncludes	Default
Group-A_Manage	Group-A_Manage > Update

Regards,

Pregash Devasagayam

University of Colorado

[grouper-dev] Feature Request/Inquiry, Pregash J Devasagayam, 02/11/2015
- [grouper-dev] RE: Feature Request/Inquiry, Chris Hyzer, 02/11/2015
  - [grouper-dev] Re: Feature Request/Inquiry, Pregash J Devasagayam, 02/11/2015
    - [grouper-dev] RE: Feature Request/Inquiry, Chris Hyzer, 02/11/2015
      - Re: RE: [grouper-dev] Feature Request/Inquiry, Pregash J Devasagayam, 02/12/2015
        
        RE: RE: [grouper-dev] Feature Request/Inquiry, Chris Hyzer, 02/12/2015
        
        Re: [grouper-dev] Feature Request/Inquiry, Pregash J Devasagayam, 02/12/2015

List archive

[grouper-dev] RE: Feature Request/Inquiry