Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] auditing point in time

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] auditing point in time

Chronological Thread 
  • From: Chris Hyzer <>
  • To: Scott Koranda <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] auditing point in time
  • Date: Thu, 10 Dec 2009 09:51:29 -0500
  • Accept-language: en-US
  • Acceptlanguage: en-US

> Grouper group now (a composite group). We want to be able to
> write a WS query that will give us all people in that group on
> a specific date.

I plan on this being in scope for point in time. We can expose it over web

> In the event of a security incident, we would like to be able
> to go back and determine who was in (or not in) a particular
> group at some point in time.

Same requirement.

> Will the auditing and change log capabilities that will be in
> Grouper 1.5 allow us, if necessary, to comb through the SQL
> tables and discern the group membership at a particular point
> in time? We would only do this in the event of an incident,
> and not routinely.

Im assuming you wont keep the change log around for too long if you have a
lot of updates. If you keep it around forever, you might be able to work
back from the present state to a past state. Basically you query the
membership_all view for the group, then you query the change log for all
changes to the group (which includes immediate/effective/etc). And you work

If you don't keep the change log forever (common usage), then you have the
user audit logs. If you do simple changes to grouper (adding/removing people
to/from groups), then you can do a similar algorithm. However, if you are
adding a group to another group, then it will be difficult to know who
exactly was added, since only the high level action is audited.


Archive powered by MHonArc 2.6.16.

Top of Page