Grouper Users - Open Discussion List

[Steven Carmody <>]

Sorry for what is likely to be an inane question  ;-)

I'm looking for a high level description of Grouper's support for 
permissions...

I've watched the video "Grouper permission assignment screen first pass 
", and that's consistent with what I'd expect to see....

Here's my attempt at describing the model:

A "permission definition" is created, and then someone assigns that 
permission to a Role (and perhaps to just some entities while operating 
in that role).

"permission definition"s, tho, look like strings ?

So, how are these "pushed" into the target application ? Does ldappcng 
do that ? Is it expected that they will be pushed into ldap, and the 
target application looks at attribute values to see if someone has a 
specific permission?

We have applications that export APIs that allow a provisioning program 
to specify which group/role can do VERB on RESOURCE X -- is there some 
sort of plugin architecture in ldappcng -- where we provide the 
appropriate plugin and something like ldappcng will use our plugin ?

Once again, sorry for the Q -- I assume this has been discussed 
somewhere, and I just can't find it.