grouper-users - Re: [grouper-users] Grouper rules question
Subject: Grouper Users - Open Discussion List
List archive
- From: Tim Darby <>
- To: Chris Hyzer <>
- Cc: "" <>
- Subject: Re: [grouper-users] Grouper rules question
- Date: Wed, 5 Feb 2014 15:37:25 -0700
The University of Arizona
Mosaic, Systems Integration and Architecture
UITS, Rm 335, 520-626-3799
Nothing exists right now that could do that, we would need to add it… just curious, do you envision a daemon that would assign those privileges if someone unassigns them?
Thanks,
Chris
From: [mailto:] On Behalf Of Tim Darby
Sent: Wednesday, February 05, 2014 1:32 PM
To: Chris Hyzer
Cc:
Subject: Re: [grouper-users] Grouper rules question
Thanks Chris, that's what I thought, but I was also wondering if it's possible to create a single rule that covers all such requests. So, let's say we always named the security group "DeptAdmins". Then, we'd have:
arizona:users:jsmith
arizona:users:jsmith:DeptAdmins
arizona:users:tdarby
arizona:users:tdarby:DeptAdmins
etc.
Is it possible to have a rule to assign ADMIN and STEM rights to any group named DeptAdmins for its parent folder, no matter what folder DeptAdmins is in?
Tim Darby
The University of Arizona
Mosaic, Systems Integration and Architecture
UITS, Rm 335, 520-626-3799
On Wed, Feb 5, 2014 at 11:16 AM, Chris Hyzer <> wrote:
Definitely do a group. I would create a security group in their folder when you create their folder.
i.e.
arizona:users:jsmith is their folder
arizona:users:security:jsmith_admins is a group which contains them
put two rules on arizona:users:jsmith, one for groups, one for folders, and assign ADMIN for groups to arizona:users:security:jsmith_admins, and STEM for folders to arizona:users:security:jsmith_admins. You could also assign ATTR_ADMIN to attribute definitions if you want
Thanks,
Chris
From: [mailto:] On Behalf Of Tim Darby
Sent: Wednesday, February 05, 2014 1:08 PM
To:
Subject: [grouper-users] Grouper rules question
We've created a self-service web app to allow departments on campus to request their own folder in one of our stems. After we approve it, the app creates the folder via Grouper WS. Ideally, we'd like not just the requester but any person they choose to have full control over any subfolders or groups they create.
It looks like rules might be a good way to implement this, but would we have to create a separate rule for each request, along the lines of "this specific admin group gets admin rights on everything in the requested folder and below? Or is it possible to create a more generic rule, like this:
"Any group named DeptAdmins has admin rights to its parent folder (the folder created for the requesting dept) and any group or folder below that folder"
Tim Darby
The University of Arizona
Mosaic, Systems Integration and Architecture
UITS, Rm 335, 520-626-3799
- [grouper-users] Grouper rules question, Tim Darby, 02/05/2014
- RE: [grouper-users] Grouper rules question, Chris Hyzer, 02/05/2014
- Re: [grouper-users] Grouper rules question, Tim Darby, 02/05/2014
- RE: [grouper-users] Grouper rules question, Chris Hyzer, 02/05/2014
- Re: [grouper-users] Grouper rules question, Tim Darby, 02/05/2014
- RE: [grouper-users] Grouper rules question, Chris Hyzer, 02/05/2014
- Re: [grouper-users] Grouper rules question, Tim Darby, 02/05/2014
- RE: [grouper-users] Grouper rules question, Chris Hyzer, 02/05/2014
Archive powered by MHonArc 2.6.16.