Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC


Chronological Thread 
  • From: Jeffrey Crawford <>
  • To: Chris Hyzer <>
  • Cc: Gouper Users List <>
  • Subject: Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC
  • Date: Tue, 27 Oct 2015 11:58:01 -0700

I'm willing to test if you guys come up with something. I can imagine it would be useful to others as well.

Jeffrey E. Crawford
ITS Application Administrator (IdM)
831-459-4365

Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------

On Tue, Oct 27, 2015 at 11:14 AM, Chris Hyzer <> wrote:

I think a hook is better for this…  until we have better rule support for this

 

If you need help let me know

 

Thanks,

Chris

 

From: Jeffrey Crawford [mailto:]
Sent: Tuesday, October 27, 2015 2:13 PM


To: Chris Hyzer
Cc: Gouper Users List
Subject: Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC

 

There are about 8 or 9


Jeffrey

 

Both pilots and IT professionals require training and currency before charging into clouds!

---------------------------------------

 

On Mon, Oct 26, 2015 at 10:00 PM, Chris Hyzer <> wrote:

Are all the groups in one folder?   If it's 4 groups only forever then some rules might work.  Otherwise might need a hook and java logic. 

 

-------- Original message --------

From: Jeffrey Crawford

Date:10/26/2015 3:44 PM (GMT-05:00)

To: Chris Hyzer

Cc: Gouper Users List

Subject: Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC

 

This is more like a trigger. Let say you have 4 policies for a service:

policy1

policy2

policy3

policy4

The system can only map a user to a single policy. Since we are representing this with groups a member can only be a member of one of the above groups.

So if for example someone changes jobs and needs to move from policy1 to policy3, however the person managing the groups forgets to remove the user out of policy1 then they are a member of two policies, which can cause bad behavior. Therefore if grouper can trigger a job when a user is added to policy3 to make sure said member is removed if they exist in policy1 policy2 or policy4.


Both pilots and IT professionals require training and currency before charging into clouds!

---------------------------------------

 

On Mon, Oct 26, 2015 at 11:22 AM, Chris Hyzer <> wrote:

Can you give a more explicit example please?

 

Groups can be members of other groups.  i.e.

 

GroupA has GroupB as a member, and  GroupB has jsmith as a member

GroupA2 also has GroupB as a member, which also means jsmith is an effective member of GroupA2.

 

If you remove jsmith from GroupB, then jsmith will then not be an effective member of GroupA or GroupA2.  Is that what you want?

 

Thanks,

Chris

 

From: [mailto:] On Behalf Of Jeffrey Crawford
Sent: Monday, October 26, 2015 2:19 PM
To: Gouper Users List
Subject: [grouper-users] Auto removal on groupA or groupB when "added" to groupC

 

I know the RuleApi allows you to remove from groupA if removed from groupB, however we have a concept of "profiles" which require that a user is only a member of a single group in a particular series of groups.

I was wondering if you have such a concept since trying to remember to remove someone from a group if they are added to another group is error prone.


Jeffrey

 

Both pilots and IT professionals require training and currency before charging into clouds!

---------------------------------------

 

 





Archive powered by MHonArc 2.6.16.

Top of Page