Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Grouper rules question

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Grouper rules question


Chronological Thread 
  • From: Tim Darby <>
  • To: Chris Hyzer <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Grouper rules question
  • Date: Wed, 5 Feb 2014 11:32:14 -0700

Thanks Chris, that's what I thought, but I was also wondering if it's possible to create a single rule that covers all such requests. So, let's say we always named the security group "DeptAdmins".  Then, we'd have:

arizona:users:jsmith
arizona:users:jsmith:DeptAdmins

arizona:users:tdarby
arizona:users:tdarby:DeptAdmins

etc.

Is it possible to have a rule to assign ADMIN and STEM rights to any group named DeptAdmins for its parent folder, no matter what folder DeptAdmins is in?

Tim Darby
The University of Arizona
Mosaic, Systems Integration and Architecture

UITS, Rm 335, 520-626-3799


On Wed, Feb 5, 2014 at 11:16 AM, Chris Hyzer <> wrote:

Definitely do a group.  I would create a security group in their folder when you create their folder.

 

i.e.

 

arizona:users:jsmith                              is their folder

arizona:users:security:jsmith_admins           is a group which contains them

 

put two rules on arizona:users:jsmith, one for groups, one for folders, and assign ADMIN for groups to arizona:users:security:jsmith_admins, and STEM for folders to arizona:users:security:jsmith_admins.  You could also assign ATTR_ADMIN to attribute definitions if you want

 

Thanks,

Chris

 

From: [mailto:] On Behalf Of Tim Darby
Sent: Wednesday, February 05, 2014 1:08 PM
To:
Subject: [grouper-users] Grouper rules question

 

We've created a self-service web app to allow departments on campus to request their own folder in one of our stems. After we approve it, the app creates the folder via Grouper WS. Ideally, we'd like not just the requester but any person they choose to have full control over any subfolders or groups they create.

 

It looks like rules might be a good way to implement this, but would we have to create a separate rule for each request, along the lines of "this specific admin group gets admin rights on everything in the requested folder and below? Or is it possible to create a more generic rule, like this:

 

"Any group named DeptAdmins has admin rights to its parent folder (the folder created for the requesting dept) and any group or folder below that folder"


Tim Darby
The University of Arizona
Mosaic, Systems Integration and Architecture

UITS, Rm 335, 520-626-3799





Archive powered by MHonArc 2.6.16.

Top of Page