Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Defining rule-based group privileges?

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Defining rule-based group privileges?


Chronological Thread 
  • From: Gagné Sébastien <>
  • To: "Peter DiCamillo" <>, <>
  • Subject: RE: [grouper-users] Defining rule-based group privileges?
  • Date: Wed, 30 Jan 2013 13:23:56 -0500

I don't think dynamic privileges are supported yet, but we would also like
something like that. One major problem is that if you remove a rule, all
previously assigned privileges will still be applied to all previous group.
You would need to modify each group to undo what the rule did.

As for rules application, they are indeed applied at group creation, but
there's also a process in the grouper daemon/loader that will check if all
the rules are properly applied. This will execute the rules to all existing
groups. See grouper-loader.properties :

# when the rules validations and daemons run. Leave blank to not run
rules.quartz.cron = 0 20 9 * * ?

-----Message d'origine-----
De :


[mailto:]
De la part de Peter DiCamillo
Envoyé : 28 janvier 2013 16:33
À :

Objet : [grouper-users] Defining rule-based group privileges?

We have some situations where we'd like to be able to assign privileges to
groups by the evaluation of a rule. For example, rather than assigning
privileges for instructional support staff to thousands of course groups,
we'd like to set up a rule that gives them staff privileges because a course
group is at some level under the COURSE stem. Is there a way to do that in
Grouper?

I looked at the Grouper rules documentation, but as far as I can tell,
Grouper rules only set privileges when a group is created, and the end result
is still individual privileges set on each group rather than applying a rule
to determine privileges. We've encountered performance problems when
assigning the members of a group privileges to thousands of groups, and we'd
also like to be able add and change rules-based privileges after the groups
have been created.

Peter



Archive powered by MHonArc 2.6.16.

Top of Page