Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Explanation of attributes

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Explanation of attributes

Chronological Thread 
  • From: Chris Hyzer <>
  • To: Nathan Kopp <>, "" <>
  • Subject: [grouper-users] RE: Explanation of attributes
  • Date: Thu, 5 May 2011 15:05:47 -0400
  • Accept-language: en-US
  • Acceptlanguage: en-US

I added this to the docs… let me know if you need more info:


Attribute definition (attributeDef):



An attribute definition holds the type of attribute (attribute, permission, limit, etc), privileges (who can assign or see assignments), restrictions about where it can be assigned (e.g. which folder), which owner types it can be assigned to (e.g. group, folder, etc), which type of value (e.g. text, numeric, etc), if it is multi-valued, if it can be assigned to the same owner object more than once at a time, etc.  For permissions, this also holds which actions (in the triple) are available for this permission (e.g. READ, WRITE, ADMIN, etc)



Attribute definition name (attributeDefName):



An attribute definition name has a many-to-one relationship to attributeDef.  This is the thing that is assigned to the owner.  It is similar to a list-of-values for the attribute.  You cannot assign an attribute without having an attributeDefName.  This allows you to share common settings among multiple attributes without having to reconfigure each value.  You might have only one attributeDefName for an attributeDef, but generally you will have more than 1.


Attribute assignment:


This is the relationship between the owner (e.g. Group, Folder), and the attributeDefName.  This might have a start/end timestamp, and other metadata (e.g. for permissions if it is delegatable, if it is allowed or forbidden, etc)


Attribute assignment value:


If an attributeDef is not of value type 'marker', then it can have a value, or multiple values (of the same type) if the attributeDef is labeled as multi-valued.  The attribute assign value is a many to one on the attribute assignment.  The value can have a type (e.g. text, integer, floating, timestamp, etc), and at some point it would be nice if it had the capability to have validations (e.g. a regex).






From: [mailto:] On Behalf Of Nathan Kopp
Sent: Wednesday, May 04, 2011 10:51 AM
Subject: [grouper-users] Explanation of attributes


I’m wondering if there is some documentation out that explains some of the intricate details of Grouper’s attribute system and the motivation behind it.  I’ve been able to get attributes working, but some aspects leave me confused.


For example, we already have four steps necessary to assign an attribute value to an entity:



Attribute Assignment (assignAttribute;  optional)

Attribute Value (assignValue)


I noticed that 1.6 added another API-accessible layer: AttributeDefType


As a new Grouper user, all of these layers seem like they add lots of flexibility, but also lots of complexity.  I’ve seen documentation showing examples of how to use each layer (so I have been able to make it work), but I have not yet found anything that explains the PURPOSE of each layer, and why each exists separate from the others.  Therefore, I don’t yet know why I would want to do anything other than what the examples show.  Has such an explanation already been written?




Nathan Kopp

Applications Strategist

Information Technology Group

Campus Crusade for Christ, Int’l

407-826-2939 Office | 407-484-8485 Mobile | 407-826-2968 Fax


Archive powered by MHonArc 2.6.16.

Top of Page