grouper-users - [grouper-users] RE: Assistance required determining privilege event from rule trigger. -- attribute assignment
Subject: Grouper Users - Open Discussion List
- From: Shaun Koh <>
- To: "Hyzer, Chris" <>, "" <>
- Subject: [grouper-users] RE: Assistance required determining privilege event from rule trigger. -- attribute assignment
- Date: Tue, 19 Jul 2016 05:15:26 +0000
Hi Chris,

Thanks for the ticket, much appreciated.

This is more of a generic policy that mimics the current set-up of our existing group management system where we’ve got a predefined list of admin groups that group creators/admins can pick from to view and/or modify group members, memberships, and properties. By default, the system enforces this on every group so it may not be appropriate for the second option you’ve suggested.

Will certainly give hooks a try and come back to you if I have any queries.

Cheers,
Shaun K.

From: Hyzer, Chris [mailto:]

Unfortunately you cannot do that with rules right now. I added a jira for it.

https://bugs.internet2.edu/jira/browse/GRP-1344

You could make a hook for that if it is a generic policy for the registry. Let me know if you need help.

However, you can also set this up with groups if you don’t have too many groups to set it up for. i.e. have a group of admins. Only let certain people or admins manage memberships of that group. Assign that as ADMIN to where you want it. And put a rule on the group that says if no longer an employee or whatever remove them.

Thanks
Chris

From: [] On Behalf Of Shaun Koh

Hi there,

I understand this question was listed for the July 14 Grouper Call though I was not able to attend it – my apologies. However, I am still inclined to know how this can be achieved hence this follow-up email.

Cheers,
Shaun K.

From: [] On Behalf Of Shaun Koh

Hi there,

I was wondering if there is a way to determine when a rule is triggered by a privilege event (e.g. add, delete, etc.)?

Specifically, I’m attempting to veto/reject `Admin` privilege assignments to groups within a folder (inc. sub-folders) if the object being assigned the privilege (group or user) is not a member of a certain group (e.g. an admin group).

The closest assignment value I could find is `subjectAssignInStem` for the `ruleCheckType` attribute which checks if there is a membership add, privilege add, permission add, etc.

Please let me know if I am not being clear enough.

Cheers,
Shaun K.
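
Added example, not part of the thread and not Grouper code: a Python model of the decision the policy discussed above has to make, separating an `Admin` privilege grant from the other assignment events and scoping it to a folder and its sub-folders. It does not call the Grouper API; the event fields, folder name, group name and subjects are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed names for illustration; none come from the thread or from Grouper.
PROTECTED_FOLDER = "org:apps"
ADMIN_GROUP = "org:etc:approvedAdmins"

@dataclass(frozen=True)
class AssignEvent:
    kind: str         # hypothetical labels: "membership", "privilege", "permission"
    name: str         # list or privilege name, e.g. "members", "read", "admin"
    owner_group: str  # full name of the group the assignment lands on
    subject: str      # id of the user or group receiving it

def in_folder(group_name, folder):
    """True if the group sits in the folder or any sub-folder. Matching on the
    ':' boundary keeps 'org:apps2:x' from counting as inside 'org:apps'."""
    return group_name.startswith(folder.rstrip(":") + ":")

def veto_reason(event, admin_members, folder=PROTECTED_FOLDER):
    """Return a veto message, or None to let the assignment through."""
    if event.kind != "privilege" or event.name.lower() != "admin":
        return None  # membership adds, permission adds, other privileges pass
    if not in_folder(event.owner_group, folder):
        return None  # outside the protected folder tree
    if event.subject in admin_members:
        return None  # subject (user or group) is in the admin group
    return (f"{event.subject} is not a member of {ADMIN_GROUP}; "
            f"ADMIN on {event.owner_group} refused")

# Constructed sample events: one allowed grant, one vetoed, three out of scope.
EVENTS = [
    AssignEvent("privilege", "admin", "org:apps:wiki:editors", "alice"),
    AssignEvent("privilege", "admin", "org:apps:wiki:editors", "mallory"),
    AssignEvent("membership", "members", "org:apps:wiki:editors", "mallory"),
    AssignEvent("privilege", "read", "org:apps:wiki:editors", "mallory"),
    AssignEvent("privilege", "admin", "org:apps2:tools", "mallory"),
]

def decisions(admin_members=frozenset({"alice"})):
    """Veto message (or None) for each sample event, in order."""
    return [veto_reason(e, admin_members) for e in EVENTS]

if __name__ == "__main__":
    for event, reason in zip(EVENTS, decisions()):
        print("VETO " if reason else "allow", event, reason or "")
```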