grouper-users - Re: [grouper-users] FERPA Protected Data
Subject: Grouper Users - Open Discussion List
List archive
- From: "Tom Zeller" <>
- To: "" <>
- Cc: "Thomas M Goerger" <>, "Kevin J ORourke" <>
- Subject: Re: [grouper-users] FERPA Protected Data
- Date: Thu, 11 Sep 2008 17:13:59 -0500
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:references:x-google-sender-auth; b=Mic4ljAYir4NjyVWElp0gmaAHQxmLefSnmHjnVjEGz4AHGuWeNN1rzVv/Uv62W7Rdt e5PoY+vDwe9i4ytY+Hg5sfWxy6PEtdMfUp8/W0UM0NO2s2QVawytOr5xt23gmOUNZmyc 4LJvbgFNokGZyEOxqVF1vRCDjATHUGWmZO4n4=
Perhaps we could mark subjects as hidden or invisible (based on attribute existence or value) so they are not displayed by the UI, e.g. in media.properties: subject.don't-display.attr=FERPA or subject.hide.attr=FERPA, subject.hide.value=true. Could be applied to a group (e.g. a course) subject to hide all members, or to particular subjects (e.g. a student who has requested FERPA). Maybe only applicable to specific privileges, e.g. not ADMIN.
TomZ
On Thu, Sep 11, 2008 at 3:56 PM, Chris Hyzer <> wrote:
I don't remember an open Jira issue about this. It can sort of be done in 1.4 (coming out in Oct/Nov) with hooks. You could configure your list or regex of folders (in grouper.properties or some config file) such that if a group is created under it (or edited if you like), that it will unassign the EveryEntity read or list privileges. If there isn't a better way to do this (anyone?) we could consider a grouper-built-in hook like the group attribute validators... shouldn't be too difficult.
I don't know of a way to add a "type" or some flag to folders, so a sysadmin would need to configure which stems or regexes are private. If you did a regex (substring), then if your stem name has a certain substring then it would match, or maybe some certain substring in the description. Another way to flag is making a 'marker' group with no members (e.g. called "school:etc:nonPublicRead"), and if that group has a privilege against a folder, it is "marked". Doesn't sound ideal... but just trying to think if it can be done without too large of a change (e.g. stem metadata)
Thoughts?
Chris
> -----Original Message-----
> From: Thomas M Goerger [mailto:]
> Sent: Thursday, September 11, 2008 4:45 PM
> To:
> Cc: Kevin J ORourke
> Subject: [grouper-users] FERPA Protected Data
>
> Hi,
>
> We're running into situations where we'd like to be able to restrict
> the
> ability for group members to see FERPA suppressed entries. We've just
> turned off the read attribute for now, but this is less than ideal, of
> course. I'm seeing from list archives that you might have been working
> on
> the ability to see a FERPA flag on a directory, and set suppression on
> this entry according to this flag. Has there been any progress on
> this,
> or if not, when might something like this be available?
>
> Thanks,
>
> ***********************************************************************
> **********
> * Tom Goerger Email/Unix System
> Administrator *
> *
> *
> * University of Minnesota Email:
> *
> * Operations, Infrastructure and Architecture Phone: 4-5804
> *
> * Internet Services Office: 750 University
> Park Plaza*
> *
> *
> ***********************************************************************
> **********
- FERPA Protected Data, Thomas M Goerger, 09/11/2008
- RE: [grouper-users] FERPA Protected Data, Chris Hyzer, 09/11/2008
- Re: [grouper-users] FERPA Protected Data, Tom Zeller, 09/11/2008
- Re: [grouper-users] FERPA Protected Data, GW Brown, Information Systems and Computing, 09/12/2008
- Re: [grouper-users] FERPA Protected Data, Thomas M Goerger, 09/12/2008
- Re: [grouper-users] FERPA Protected Data, GW Brown, Information Systems and Computing, 09/12/2008
- Re: [grouper-users] FERPA Protected Data, Tom Zeller, 09/11/2008
- RE: [grouper-users] FERPA Protected Data, Chris Hyzer, 09/11/2008
Archive powered by MHonArc 2.6.16.