Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Cascading into and out of groups and signet

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Cascading into and out of groups and signet

Chronological Thread 
  • From: Tom Barton <>
  • To: "GW Brown, Information Systems and Computing" <>
  • Cc: Chris Hyzer <>, Grouper Users <>
  • Subject: Re: [grouper-users] Cascading into and out of groups and signet
  • Date: Fri, 07 Mar 2008 23:08:24 -0600

I think it would be best to first explore such contextual extensions to basic groups in purpose-built clients. For example, a special course-management related UI could hide the internal details of how the various types of students (ad hoc, inactive, etc) are handled in Gary's use case.

This approach would allow actual actual usage trends to emerge before we bake any such into the api, in advance of really knowing what's needed.

But I agree that we should be on the lookup for such patterns as more adoption occurs.


GW Brown, Information Systems and Computing wrote:
I agree it would be good to hide some of the internals. Having some groups which are never visible except to the Grouper internals might work i.e. always have some additional group methods:



+ others as required, which manipulate the hidden groups.

We might also be able to use additional membership lists for ad hoc and excluded members. Adding / removing members from these lists would impact the actual membership - however, this may be more invasive and would mean getting to grips with how effective memberships are worked out - possibly having different rules for different types of groups.

In the meantime, for sites who are mostly concerned with provisioning accurate membership lists to LDAP which is where most integration takes place, custom provisioning code could take care of the logic of exporting:

actual membership + ad hoc custom list - excluded list.


--On 05 March 2008 15:59 -0500 Chris Hyzer

I think it would be useful to eventually have a higher-level group
concept to remove this complexity from users. 5 groups is a bit much to
have to deal with for this use case. Granted grouper can still store the
data in the same way it does now, but the user doesn't need to know. Not
sure if this is feasible.


-----Original Message-----
From: GW Brown, Information Systems and Computing
Sent: Tuesday, March 04, 2008 10:36 AM
To: Bert Bee-Lindgren; Grouper Users
Subject: Re: [grouper-users] Cascading into and out of groups and

The approach I'm taking to incomplete data from source systems e.g.
systems is to set up the following groups:

Registered students for X
Ad hoc students for X

All students for X -> has above two groups as members

Inactive students for X

and finally:

Students for X -> All students for X <complement> Inactive students for

which is the group I would use for granting privileges.

Currently I place all but the last group under another stem to reduce

If you don't need to cater for people who need removing it is simpler -
fewer groups.


GW Brown, Information Systems and Computing

fn:Tom Barton
org:University of Chicago;Networking Services & Information Technology
adr;dom:1155 E. 60th St.;;Rm 309, 1155 Bldg;Chicago;IL;60637
title:Sr. Director - Integration
tel;work:+1 773 834 1700

Archive powered by MHonArc 2.6.16.

Top of Page