Grouper Users - Open Discussion List

[Gagné Sébastien <>]

I don't think dynamic privileges are supported yet, but we would also like 
something like that. One major problem is that if you remove a rule, all 
previously assigned privileges will still be applied to all previous group. 
You would need to modify each group to undo what the rule did.

As for rules application, they are indeed applied at group creation, but 
there's also a process in the grouper daemon/loader that will check if all 
the rules are properly applied. This will execute the rules to all existing 
groups. See grouper-loader.properties :

# when the rules validations and daemons run.  Leave blank to not run
rules.quartz.cron = 0 20 9 * * ?

-----Message d'origine-----
De : 

 
[mailto:]
 De la part de Peter DiCamillo
Envoyé : 28 janvier 2013 16:33
À : 

Objet : [grouper-users] Defining rule-based group privileges?

We have some situations where we'd like to be able to assign privileges to 
groups by the evaluation of a rule. For example, rather than assigning 
privileges for instructional support staff to thousands of course groups, 
we'd like to set up a rule that gives them staff privileges because a course 
group is at some level under the COURSE stem. Is there a way to do that in 
Grouper?

I looked at the Grouper rules documentation, but as far as I can tell, 
Grouper rules only set privileges when a group is created, and the end result 
is still individual privileges set on each group rather than applying a rule 
to determine privileges. We've encountered performance problems when 
assigning the members of a group privileges to thousands of groups, and we'd 
also like to be able add and change rules-based privileges after the groups 
have been created.

Peter