Grouper Users - Open Discussion List

["Hyzer, Chris" <>]

Can you not let users search but if someone knows the exact ID it would look them up?

 

I think your way would work though you would have unresolvables in the UI…  which I think could be bad.

 

Can the other view return them by ID but not by identifier or search and maybe obfuscate the data (similar to above)?

 

We could try to make a generic subject customizer based on configured cols in the JDBC2 source if you like… should be easy…

 

Thanks

Chris

 

 

From: [mailto:] On Behalf Of Derek D Owens
Sent: Wednesday, November 09, 2016 2:10 PM
To:
Subject: [grouper-users] restricting subject results in ui search

 

In our Grouper 2.3.0 system, we're using a Db view via GrouperJdbcSourceAdapter2 for subjects. The subjects in our Db contain many different types of user NetIDs, including ones used for administrative (privileged) access. Due to concerns about information exposure, it's been requested that we restrict access to these privileged accounts within the Grouper UI so that they do not return in search results for end-users of the UI.  We do need to have these subjects available to place into groups, so they need to be available and resolvable in our subject Db. 

 

I'm investing writing a SubjectCustomizer with filterSubjects to filter out the search results in the UI. However, would a viable quick fix be to create a new subject view in our subjects Db which does not return the privileged subjects and configure our Grouper UI instance to use it? We'd keep our grouper daemon (etc.) configured to the use the full subject Db view. Would there be any issues caused by the Grouper UI using a different subject Db than the other grouper components? Could this affect the membership data in the grouper Db for those privileged subjects?

 

Thanks!

 

Regards,
Derek