Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] what is a group authorized to do ?

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] what is a group authorized to do ?

Chronological Thread 
  • From: Julio Polo <>
  • To: Steven Carmody <>
  • Cc: Grouper-Users <>
  • Subject: Re: [grouper-users] what is a group authorized to do ?
  • Date: Wed, 1 Mar 2017 11:09:19 -1000
  • Ironport-phdr: 9a23:QRyOABXJ50dxGcSVVfrVQWX/luLV8LGtZVwlr6E/grcLSJyIuqrYbBSBt8tkgFKBZ4jH8fUM07OQ6PG9HzdYqs/d7DgrS99lb1c9k8IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBoKevrB4Xck9q41/yo+53Ufg5EmCexbal8IRiyrQjdrMcbjZdtJqosxRbErWZDdvhLy29vOV+dhQv36N2q/J5k/SRQuvYh+NBFXK7nYak2TqFWASo/PWwt68LlqRfMTQ2U5nsBSWoWiQZHAxLE7B7hQJj8tDbxu/dn1ymbOc32Sq00WSin4qx2RhLklDsLOjgk+2zMlMd+kLxUrw6gpxxnwo7bfoeVNOZlfqjAed8WXHdNUtpNWyBEBI63cokBAPcbPetArYb9qVsAoxW9CwexGu3g1iRFiWXq0aAgyektDR3K0Q4mEtkTsHrUttL1NKIKXO6x0anIyTTDb/RL0jnn74jIdhchquyLULJybMrRzUgvFwTeg1WQs4PkMSma1uUMs2SB8eVvSP+vhnchpgpsoTav3t8hhpfIi44JyF3J8Ct5zYUuKtGkTUN2bsKoHIdNuyyfK4R6XtgtTmRttSok1LEJp5i2dzUQxps93R7QcfmHfpCI4h39UOaRJi91hHd/d7K+gxa+6EmgyvHgWsWt31dGsDRJncfWunAC0BzT7ceHSv9j8Uu7xTmP0AXT5vlFIUAyi6XbN4YszqAxm5YPs0nOGyH2lUbtg6OKc0gp9fSk5/j6brjjupCQK5R7hwT7P6gwhMCwH/w0Mg0UUGia/eS82qfj/Ur8QLhSjP02j63ZsJHdJckApq62GQFU3Zwi6xa+FTupzskXnWQfIFJfZB2Hl5TpO03JIP3gAve/mVOskCpzx//YJL3tG4jNLmPdn7f7ZrZw8EpcyAsozdBD/JJYFKsNIPP1Wk/tqtPYFBk5PBKow+r5EtlyyJ4RWX/cSpOeZZjOvEGF4KoEKvOJY4ME8GLmN/U76vjZhnYjnFgRbIGjx5wIbja1EukwcGuDZn+5oMoFEGBChg06S6S+ikCGUDl7Z3+tVqM9oDw3FdT1Xs/4WomxjenZj2+AFZpMazUDUwjUHA==

I would advocate creating a group for each application/service (for each authz need).  Each of those application groups can include the same officially-sanctioned group for the desired department, but each group can have its own exceptions (inclusions and exclusions). To help track all such groups, you can create a special attribute to identify them or you could just put them all under one folder.


On Wed, Mar 1, 2017 at 9:41 AM, Steven Carmody <> wrote:

We've got a growing community of dept-based people taking advantage of delegated management of group membership. And we've got a growing community of service owners managing the membership of their service eligibility groups. They sometimes include dept-based-groups in their eligibility groups.

We now have some dept-based group managers asking "before I add a person to group X, how can I find out the set of permissions and services are granted to that group?". A perfectly reasonable question.

I can see that using service management groups might help to develop an answer -- I'm wondering if other sites have yet encountered this question, and what tools they are providing to users who want an answer ?

thanks !

Archive powered by MHonArc 2.6.19.

Top of Page