Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] RE: Unix GID's in Grouper

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] RE: Unix GID's in Grouper


Chronological Thread 
  • From: Chris Hyzer <>
  • To: Mirko Tasler <>, "" <>
  • Subject: RE: [grouper-users] RE: Unix GID's in Grouper
  • Date: Fri, 4 Jun 2010 11:03:20 -0400
  • Accept-language: en-US
  • Acceptlanguage: en-US

You can control this from the grouper.properties, which will essentially veto
the edit:

#by default, anyone with admin rights on a group can edit the types or
attributes
#specify types (and related attributes) which are wheel only, or restricted
to a certain group
#security.types.typeName.wheelOnly = true
security.types.grouperLoader.wheelOnly = true

#security.types.typeName.allowOnlyGroup = etc:someAdminGroup


If you want GrouperSystem to be able to edit the attribute, this is
preferable. If you want no one to be able to edit it, then the attribute
hook idea is a good one. And with either, Gary's UI config is a good idea as
well. Let me know what you want to do and I can add it to the example.

Thanks,
Chris



-----Original Message-----
From: Mirko Tasler
[mailto:]

Sent: Friday, June 04, 2010 8:39 AM
To:

Subject: Re: [grouper-users] RE: Unix GID's in Grouper


> Ok, but this could be confusing to the admin. It means, he could change
> the value, but when he saves the group, the gid is reset to the original
> value. I thought there would be an easy way to make certain attributes
> read-only in the UI.

You can throw a HookVeto, which should display an UI message about the
issue.

Even if you'd give write ability to grouperSystem only, you still can't
be sure the value remains the same as in the gid database since you
could change it yourself by accident.

Cheers,

Mirko

--
Mirko Tasler | FU Directory and Identity Service (FUDIS)

| Identity & Customer Management
| ZEDAT Freie Universit├Ąt Berlin



Archive powered by MHonArc 2.6.16.

Top of Page