Skip to Content.
Sympa Menu

grouper-dev - RE: RE: [grouper-dev] Feature Request/Inquiry

Subject: Grouper Developers Forum

List archive

RE: RE: [grouper-dev] Feature Request/Inquiry


Chronological Thread 
  • From: Chris Hyzer <>
  • To: Pregash J Devasagayam <>
  • Cc: "" <>
  • Subject: RE: RE: [grouper-dev] Feature Request/Inquiry
  • Date: Thu, 12 Feb 2015 05:08:25 +0000
  • Accept-language: en-US

If you don’t nest the registry, then you don’t need the whole include exclude setup J

 

I think we should just stick with the include/exclude that exists, and add the manage part…ok?

 

Thanks,

Chris

 

From: Pregash J Devasagayam [mailto:]
Sent: Wednesday, February 11, 2015 8:21 PM
To: Chris Hyzer
Cc: Pregash J Devasagayam;
Subject: Re: RE: [grouper-dev] Feature Request/Inquiry

 

I guess what would make the most sense is an includes group and an excludes group and the registry sor group can be nested in the includes group.  I see what you are saying with the SOR group, but I guess in our situation what we need is not really an SOR group, but a place to nest an SOR group.  The manager will not have access to add or remove people from the actual registry group, but can nest it into their group.  So the model would look like:  

 

Group A

                                                                                                    

 

Group A_Excludes

Group A_Includes

 

 

                                                                  

Group A_Manage
Read/Update
Privileges

Registry Group (nested by the manager into Group A_Includes)

 

 

 

 

 

This way our end user is left with an include and exclude group and can decide whether or not to use our provided SOR registry groups.  Then the auto-generated manage group will be given permission to the include and exclude groups.

 

Does this sound like the right approach to take?

 

-Pregash

 

 

On Feb 11, 2015, at 3:16 PM, Chris Hyzer <> wrote:

 

No, would need to create one…  without an excludes list, if there is a registry update that needs some time, if the manage group has UPDATE on the SOR group, they could just remove it from there, and they next time the loader runs it will be gone right (just need to make sure loader runs after downstream data flows are done)?  Either way, let me know.

 

Thanks,

Chris

 

From: Pregash J Devasagayam [] 
Sent: Wednesday, February 11, 2015 5:03 PM
To: Chris Hyzer
Cc: Pregash J Devasagayam;
Subject: Re: Feature Request/Inquiry

 

Hi Chris,

 

Thanks for the reply.  We are developing on Grouper 2.2.1.  

 

The only reason we thought the exclude group would be useful is because the SOR group would likely contain a nested registry (our user database) group like a dept group, and we wanted to give our users the ability to remove a user from the list in case an update to the registry takes longer than what is required.  Also, we were trying to just utilize the built in functionality, without having to do too much custom development.  

 

Do you have a hook developed that creates this kind of manage group already?  

 

Thanks again for the help.

 

Regards,

 

Pregash

On Feb 11, 2015, at 2:15 PM, Chris Hyzer <> wrote:

 

The include/exclude is just a hook in grouper, though it does have a lot of logic to see which groups exist to reuse them etc.

 

Most of the times at Penn when we need this we only need includes and a system of record group.  If you trust the manager, you only really need two groups (and I guess a manager group).

 

Also, you should give Read and Update to managers

 

Group Name

Permissions

Group-A (has system of record as member, plus ad hoc members)

Group-A_Manage > Update / Read

Group-A_SystemOfRecord

Group-A_Manage > Update / Read

Group-A_Manage

Group-A_Manage > Update / Read

 

If you don’t trust the manager to not remove the system of record (not sure this is needed, who knows) you could have another group:

 

Group Name

Permissions

Group-A (has system of record as member, plus ad hoc members)

Group-A_Manage > Read

Group-A_SystemOfRecord

Group-A_Manage > Update / Read

Group-A_Includes

Group-A_Manage > Update / Read

Group-A_Manage

Group-A_Manage > Update / Read

 

Do either of those appeal to you?  Or you want excludes too?  Let me know which way you want to go, and which version of grouper and I can look at another hook for it…

 

Thanks,

Chris

 

 

From:  [] On Behalf Of Pregash J Devasagayam
Sent: Wednesday, February 11, 2015 1:02 PM
To: 
Subject: [grouper-dev] Feature Request/Inquiry

 

Hi All,

We have a specific use case, which we want to see if other universities have addressed.  We are using grouper to manage Office 365/Exchange Distribution Lists, and our end users will manage their lists through the new UI.  These groups are created by our messaging team and then will be passed on to the end user.  They are created with the include/exclude model, and we want to have another group type option which would also create a "manage" or "updater" group.  This group would also be given updater privileges to the include, exclude, sor and itself.  We are looking to develop this model here at CU but I wanted to throw this scenario to the list to see if we could get this as a built in option much like the include/exclude option or if there is a better way to address this.

 

 

Group Name

Permissions

Group-A

Default

Group-A_Includes

Group-A_Manage  > Update

Group-A_Excludes

Group-A_Manage > Update

Group-A_SystemOfRecord

Group-A_Manage > Updat

Group-A_SystemOfRecordAndIncludes

Default

Group-A_Manage

Group-A_Manage > Update

 







Regards,




Pregash Devasagayam

University of Colorado

 




Archive powered by MHonArc 2.6.16.

Top of Page