Grouper Users - Open Discussion List

[Nathan Kopp <>]

No, the rules engine is the “responsible party” .  No need for “actAs”.

 

We will be using the Java API.  Using SQL would be “less than ideal.”  I was just wondering what classes/methods in the API that I could use to access the audit records.

 

-Nathan

 

From: Chris Hyzer [mailto:]
Sent: Thursday, May 05, 2011 2:52 PM
To: Nathan Kopp;
Subject: RE: Attestation question

 

So are you saying that the rules engine is the subject that is doing the add/remove, and you want to store who the end-user is that caused the rules engine to do the action?  If so then you could use “actAs” so the rules engine acts as the underlying user to do the action, then use the audit records.  To access the audit records, there is not yet a web service, but you could get the records with SQL or GSH, or the Java API…  Maybe you could more explicitly give an example so I can better explain Grouper’s capabilities.

 

Thanks,

Chris

 

From: [mailto:] On Behalf Of Nathan Kopp
Sent: Wednesday, May 04, 2011 10:31 AM
To:
Subject: [grouper-users] Attestation question

 

In my organization, we are beginning work on a Grouper implementation for managing user access to Siebel CRM.

 

One key thing we need to track is attestation (who is responsible for assigning a direct group membership) whenever our rules engine is responsible for membership.  We have identified two possible options:

1) use grouper’s audit log

2) store attestation information in an attribute whenever the rules engine is responsible for direct membership assignment

 

Currently we implemented this using an attribute.  However, I was wondering if there is an easy API for accessing the audit log to quickly the subject that is most recently responsible for a current group membership.  Does such a capability exist in the Grouper API?

 

Nathan Kopp

Applications Strategist

Information Technology Group

Campus Crusade for Christ, Int’l

407-826-2939 Office | 407-484-8485 Mobile | 407-826-2968 Fax