Grouper Users - Open Discussion List

["Waldbieser, Carl" <>]

At Lafayette College we take this approach to normalize the permissions for 
our Grouper "apps" policies.  When someone creates a policy group via the UI, 
Grouper rules automatically add the correct administrator groups to the 
permissions, However, the creator of the group is granted permissions by 
default.  A cron job sweeps through these folder trees each night and removes 
permissions granted directly to subjects from our people LDAP source.

Thanks,
Carl Waldbieser
ITS Identity Management
Lafayette College

----- Original Message -----
From: "Hyzer, Chris" 
<>
To: 
,
 

Sent: Friday, March 24, 2017 1:27:24 PM
Subject: RE: [grouper-users] Custom Rule Validation

If you want a scheduled task, and you are in 2.3, you can configure something 
in the grouper-loader.properties called "otherJob" which can have a cron 
schedule and run like another grouper daemon or loader job or whatever.

However, in 2.2.2, that doesnt exist.  Can I suggest just writing a java 
program and running it with unix cron command line?  :)  It would be run 
something like this:

java -Xmx500m -classpath 
${GROUPER_HOME}/classes:${GROUPER_HOME}/lib/*:/location/to/your.jar 
some.package.YourClass

Thanks
Chris

-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of 

Sent: Wednesday, March 08, 2017 2:30 PM
To: 

Subject: [grouper-users] Custom Rule Validation

We are currently looking at a rule validation tool for Grouper v2.2.2. This
should run once a day and it would make sure that every folder down a certain
path contains groups X,Y and Z or every group has "these" privileges. If it
doesn't contain one of these, then it will fix it. We were wondering what is
the best way to do this.

The Grouper Rule Consumer uses the changelog and since we want this to run
daily, we may not have an event occurring at the time of day we want this to
occur, the tool should also check for preexisting groups. Would just creating
some grouper rules be the best way to do this?