Grouper Users - Open Discussion List

[Chris Hyzer <>]

You can control this from the grouper.properties, which will essentially veto 
the edit:

#by default, anyone with admin rights on a group can edit the types or 
attributes
#specify types (and related attributes) which are wheel only, or restricted 
to a certain group
#security.types.typeName.wheelOnly = true
security.types.grouperLoader.wheelOnly = true

#security.types.typeName.allowOnlyGroup = etc:someAdminGroup


If you want GrouperSystem to be able to edit the attribute, this is 
preferable.  If you want no one to be able to edit it, then the attribute 
hook idea is a good one.  And with either, Gary's UI config is a good idea as 
well.  Let me know what you want to do and I can add it to the example.

Thanks,
Chris



-----Original Message-----
From: Mirko Tasler 
[mailto:]
 
Sent: Friday, June 04, 2010 8:39 AM
To: 

Subject: Re: [grouper-users] RE: Unix GID's in Grouper


> Ok, but this could be confusing to the admin. It means, he could change
> the value, but when he saves the group, the gid is reset to the original
> value. I thought there would be an easy way to make certain attributes
> read-only in the UI.

You can throw a HookVeto, which should display an UI message about the 
issue.

Even if you'd give write ability to grouperSystem only, you still can't 
be sure the value remains the same as in the gid database since you 
could change it yourself by accident.

Cheers,

Mirko

-- 
Mirko Tasler              | FU Directory and Identity Service (FUDIS)

 | Identity & Customer Management
                           | ZEDAT Freie Universität Berlin