grouper-users - RE: [grouper-users] Defining rule-based group privileges?
Subject: Grouper Users - Open Discussion List
List archive
- From: Chris Hyzer <>
- To: Gagné Sébastien <>, Peter DiCamillo <>, "" <>
- Subject: RE: [grouper-users] Defining rule-based group privileges?
- Date: Wed, 30 Jan 2013 22:55:48 +0000
- Accept-language: en-US
Dynamic group privileges have the same problem as ldap groups... we do
queries and join to security views which must be established in the database.
If we have to do something external, then we cant browse the database in a
performant way... You
> We've encountered performance problems when assigning the members of a
> group
> privileges to thousands of groups,
I think that was on an old version of Grouper, this is not a problem anymore,
right?
> and we'd also like to be able add and change
> rules-based privileges after the groups have been created.
As Sebastien says there is a cron which allows you to add privileges to
existing groups.
The rule right now is coded to add to privileges in the groups so that groups
could have individual privileges above and beyond the "ruled" ones. If you
want a rule that replaces privileges, that could be written. If you want one
that remembers which privileges were assigned due to the rule, so only those
can be changed later, that is more complex, but I could imagine such a thing
I guess...
Thanks,
Chris
-----Original Message-----
From:
[mailto:]
On Behalf Of Gagné Sébastien
Sent: Wednesday, January 30, 2013 1:24 PM
To: Peter DiCamillo;
Subject: RE: [grouper-users] Defining rule-based group privileges?
I don't think dynamic privileges are supported yet, but we would also like
something like that. One major problem is that if you remove a rule, all
previously assigned privileges will still be applied to all previous group.
You would need to modify each group to undo what the rule did.
As for rules application, they are indeed applied at group creation, but
there's also a process in the grouper daemon/loader that will check if all
the rules are properly applied. This will execute the rules to all existing
groups. See grouper-loader.properties :
# when the rules validations and daemons run. Leave blank to not run
rules.quartz.cron = 0 20 9 * * ?
-----Message d'origine-----
De :
[mailto:]
De la part de Peter DiCamillo
Envoyé : 28 janvier 2013 16:33
À :
Objet : [grouper-users] Defining rule-based group privileges?
We have some situations where we'd like to be able to assign privileges to
groups by the evaluation of a rule. For example, rather than assigning
privileges for instructional support staff to thousands of course groups,
we'd like to set up a rule that gives them staff privileges because a course
group is at some level under the COURSE stem. Is there a way to do that in
Grouper?
I looked at the Grouper rules documentation, but as far as I can tell,
Grouper rules only set privileges when a group is created, and the end result
is still individual privileges set on each group rather than applying a rule
to determine privileges. We've encountered performance problems when
assigning the members of a group privileges to thousands of groups, and we'd
also like to be able add and change rules-based privileges after the groups
have been created.
Peter
- [grouper-users] Defining rule-based group privileges?, Peter DiCamillo, 01/30/2013
- RE: [grouper-users] Defining rule-based group privileges?, Gagné Sébastien, 01/30/2013
- RE: [grouper-users] Defining rule-based group privileges?, Chris Hyzer, 01/30/2013
- Re: [grouper-users] Defining rule-based group privileges?, Peter DiCamillo, 01/31/2013
- Re: [grouper-users] Defining rule-based group privileges?, Shilen Patel, 01/31/2013
- Re: [grouper-users] Defining rule-based group privileges?, Peter DiCamillo, 01/31/2013
- Re: [grouper-users] Defining rule-based group privileges?, Shilen Patel, 01/31/2013
- RE: [grouper-users] Defining rule-based group privileges?, Chris Hyzer, 01/31/2013
- Re: [grouper-users] Defining rule-based group privileges?, Peter DiCamillo, 01/31/2013
- Re: [grouper-users] Defining rule-based group privileges?, Shilen Patel, 01/31/2013
- Re: [grouper-users] Defining rule-based group privileges?, Peter DiCamillo, 01/31/2013
- RE: [grouper-users] Defining rule-based group privileges?, Chris Hyzer, 01/30/2013
- RE: [grouper-users] Defining rule-based group privileges?, Gagné Sébastien, 01/30/2013
Archive powered by MHonArc 2.6.16.