Grouper Users - Open Discussion List

[Chris Hyzer <>]

Definitely do a group.  I would create a security group in their folder when you create their folder.

 

i.e.

 

arizona:users:jsmith                              is their folder

arizona:users:security:jsmith_admins           is a group which contains them

 

put two rules on arizona:users:jsmith, one for groups, one for folders, and assign ADMIN for groups to arizona:users:security:jsmith_admins, and STEM for folders to arizona:users:security:jsmith_admins.  You could also assign ATTR_ADMIN to attribute definitions if you want

 

Thanks,

Chris

 

From: [mailto:] On Behalf Of Tim Darby
Sent: Wednesday, February 05, 2014 1:08 PM
To:
Subject: [grouper-users] Grouper rules question

 

We've created a self-service web app to allow departments on campus to request their own folder in one of our stems. After we approve it, the app creates the folder via Grouper WS. Ideally, we'd like not just the requester but any person they choose to have full control over any subfolders or groups they create.

 

It looks like rules might be a good way to implement this, but would we have to create a separate rule for each request, along the lines of "this specific admin group gets admin rights on everything in the requested folder and below? Or is it possible to create a more generic rule, like this:

 

"Any group named DeptAdmins has admin rights to its parent folder (the folder created for the requesting dept) and any group or folder below that folder"

Tim Darby
The University of Arizona
Mosaic, Systems Integration and Architecture

UITS, Rm 335, 520-626-3799