Grouper Users - Open Discussion List

[Chris Hyzer <>]

Theres the documentation and use cases which might not be sufficient, and you 
probably know about them, if there are specific things to add to the wiki 
maybe you could get an account and modify it or let me know and I can make 
changes.

https://spaces.internet2.edu/display/Grouper/Grouper+rules

Yes, you are interpreting it correctly

I don’t really understand your question.  Note that "immediate" in 
thisGroupHasImmediateEnabledMembership means that it must be a direct 
membership and not nested in a group.  The rule would not purge any nested 
groups or any groups other than (2).  That would be interesting though, if 
you need that we see how we can make that work with rules :)  You would need 
to be sure that those groups expect that behavior and you don’t get 
memberships removed that you don’t intend.

Thanks,
Chris



-----Original Message-----
From: Waldbieser, Carl 
[mailto:]
 
Sent: Monday, July 06, 2015 12:27 PM
To: Chris Hyzer
Cc: grouper-users
Subject: Re: Rules reporting?

Chris,

It is pretty close.
Is there some kind of documentation that explains the meanings of the rules?
For example:

1) assigned_to_type:          group
2) assigned_to_group_name:    lc:org:admin:its:di
3) rule_check_type:           membershipRemove
4) rule_check_owner_name:     lc:ref:role:employee
5) rule_if_condition:         thisGroupHasImmediateEnabledMembership
6) rule_then_enum:            removeMemberFromOwnerGroup
7) rule_act_as_subject_id:    GrouperSystem

Since I modeled this rule from one of the examples, I know this rule is 
supposed to revoke membership for a subject from "lc:org:admin:its:di" if 
that subject is loses membership from "lc:ref:role:employee".

So the way I interpret the rule fields is:

This rule applies to group (1) "lc:org:admin:its:di" (2).  If a 
"membershipRemove" event (3) occurs on entity "lc:ref:role:employee" (4), 
then remove the same subject from group to which this rule applies (6).  The 
rule will run as the GrouperSystem subject (7).

Would that be a valid interpretation?

Also, if the group in (2) had nested groups that contained subjects that are 
in the group in (4), would the rule checking purge the nested groups (because 
they are *not* members of (4), or would they remain (because their members 
are members of (4))?

Thanks,
Carl

----- Original Message -----
From: "Chris Hyzer" 
<>
To: "Carl Waldbieser" 
<>,
 "grouper-users" 
<>
Sent: Saturday, July 4, 2015 9:55:33 PM
Subject: RE: Rules reporting?

There is the grouper_rules_v in the database you can select from... is that 
sufficient?  :)

Thanks,
Chris

-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of Waldbieser, Carl
Sent: Thursday, July 02, 2015 3:15 PM
To: grouper-users
Subject: [grouper-users] Rules reporting?


Is there any way to get a list of all the rules that have created in a 
Grouper installation?
It is not obvious from the UI what groups have attached rules.

I was wondering if there might be a GSH script that could be run that 
generates something like:

  * Group FOO has a rule that fires when a subject is removed.  It removes 
the subject from GROUP BAZ.
  * GROUP BAR has a rule that fires when a subject is added.  It sets the 
membership end date to 30 days from now.
  ...

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College