Subject: Grouper Users - Open Discussion List
- From: Chris Hyzer <>
- To: Tim Darby <>, "" <>
- Subject: RE: [grouper-users] Grouper rules question
- Date: Wed, 5 Feb 2014 18:16:13 +0000
- Accept-language: en-US
Definitely do a group. I would create a security group in their folder when you create their folder.
arizona:users:jsmith is their folder
arizona:users:security:jsmith_admins is a group which contains them
put two rules on arizona:users:jsmith, one for groups, one for folders, and assign ADMIN for groups to arizona:users:security:jsmith_admins, and STEM for folders to arizona:users:security:jsmith_admins. You could also assign ATTR_ADMIN to attribute definitions if you want
We've created a self-service web app to allow departments on campus to request their own folder in one of our stems. After we approve it, the app creates the folder via Grouper WS. Ideally, we'd like not just the requester but any person they choose to have full control over any subfolders or groups they create.
It looks like rules might be a good way to implement this, but would we have to create a separate rule for each request, along the lines of "this specific admin group gets admin rights on everything in the requested folder and below? Or is it possible to create a more generic rule, like this:
"Any group named DeptAdmins has admin rights to its parent folder (the folder created for the requesting dept) and any group or folder below that folder"
- [grouper-users] Grouper rules question, Tim Darby, 02/05/2014
Archive powered by MHonArc 2.6.16.