
grouper-users - [grouper-users] using Grouper's Permissions framework

Subject: Grouper Users - Open Discussion List

  • From: Steven Carmody <>
  • To: Grouper-Users <>
  • Subject: [grouper-users] using Grouper's Permissions framework
  • Date: Tue, 27 May 2014 15:45:34 -0400

Hi,

We've been looking at this (not at the internal ACL support for permissions directly against groups, but rather the framework for managing Permissions).

My understanding is that you can define a "Permission" within Grouper. A role is represented as a group. Permissions are created as child attributes on a resources stem. To assign a permission to a role, the group's permission role delegate has the permission assigned to it. Is that correct?

What I don't understand is the relationship between a Permission being granted within Grouper for some action in a system external to Grouper, and that Permission being implemented (checked) in the external system. Obviously, you'd like these two things to be linked.

The external system could query Grouper at run time (thus using Grouper as a PDP). But, very few systems do that.

We see that Grouper can also generate an event when a permission is assigned to a role. We're already using events to synch group memberships to ldap, google, and elsewhere, and are already familiar with that model.

Are there any examples where sites are using permission-related events to actually "set" Permission Rules within external systems?

Or... are there other ways to use Grouper's Permissions framework to control permissions in external systems?

Thanks!


