Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Custom Rule Validation

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Custom Rule Validation

Chronological Thread 
  • From: "Waldbieser, Carl" <>
  • To:
  • Cc: , "Hyzer, Chris" <>
  • Subject: Re: [grouper-users] Custom Rule Validation
  • Date: Fri, 24 Mar 2017 13:43:48 -0400 (EDT)
  • Ironport-phdr: 9a23:A4576BxKJzYDnh3XCy+O+j09IxM/srCxBDY+r6Qd2+gTIJqq85mqBkHD//Il1AaPBtSGra0ZwLOO6ujJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fdbghMhDexe7F/IRW5oQnMqsUanJZpJ7osxBfOvnZGYfldy3lyJVKUkRb858Ow84Bm/i9Npf8v9NNOXLvjcaggQrNWEDopM2Yu5M32rhbDVheA5mEdUmoNjBVFBRXO4QzgUZfwtiv6sfd92DWfMMbrQ704RSiu4qF2QxLulSwJNSM28HvPh8J+jKxVvhGvqB5xw4DJb46aKPVwfqLac9MGXmdBQsRcWDBdDo6mc4cCDewMNvtYoYnnoFsOqAOzCQesC+z1zj9Hm2T53awk3OQ6Dw7GxhQsFM8QvXvOttX1MKkeWv2ywajG1zrDa+5Z1iz86IfWbh8suvWMUqh+ccXLyUggCR/FjkmOpoD/ITyay/kNvnGd4uF9Vuyvk3Yqpxx/rzWr3Msgl4bEi4APxlzZ6Cl12ps5KN2lREJjfNKpHp9duzuHO4Z5QM4uWXxktSYgxrEYpZK3YTAGxIkpyhPbcfCLboeF7xD5WOqMPDt0nm9pdbyhixu07EOu0PfzVtOu31ZPtidFksfDtnQK1xHL78iHVuFy80i71TaLzQ/T5PtLIEAqmqrHN54u3KQ8mYQOvkTeBiP2mUP2g7GKdkg85+Sl5eDqbq/7qpKTNYJ4kBzyPrk0lsCiAek0LxACX22B9uS90L3j81f5QLJPjvAunKjWqpTaKtkAqa64HQBazp0u6xKlADeoytsZnWcILE5ZeB2ZlYTmJUzBIO3gAfeln1usiCtrx+zBPrD5DZXNNH/DkKr5fblj8U5Q0RczzctB6JJOEbEMO/bzWk7qtNzEFR81LRa4w+fhCNVhyIweQ2SPDbGFMK/Mq1OH+P8gI/TfLLMS7S3xIuYk/Ke3pWM0g0cYdKitm4YSZDa1Euk1DV+eZC+mvd4FHW0LsxEzVqiio1SYVXQbM2m7W6425zwwIIavA47SS5yxjfqM0DrtTc4eXXxPFl3ZSSSgTI6DQfpZMC8=

At Lafayette College we take this approach to normalize the permissions for
our Grouper "apps" policies. When someone creates a policy group via the UI,
Grouper rules automatically add the correct administrator groups to the
permissions, However, the creator of the group is granted permissions by
default. A cron job sweeps through these folder trees each night and removes
permissions granted directly to subjects from our people LDAP source.

Carl Waldbieser
ITS Identity Management
Lafayette College

----- Original Message -----
From: "Hyzer, Chris"

Sent: Friday, March 24, 2017 1:27:24 PM
Subject: RE: [grouper-users] Custom Rule Validation

If you want a scheduled task, and you are in 2.3, you can configure something
in the called "otherJob" which can have a cron
schedule and run like another grouper daemon or loader job or whatever.

However, in 2.2.2, that doesnt exist. Can I suggest just writing a java
program and running it with unix cron command line? :) It would be run
something like this:

java -Xmx500m -classpath


-----Original Message-----

On Behalf Of

Sent: Wednesday, March 08, 2017 2:30 PM

Subject: [grouper-users] Custom Rule Validation

We are currently looking at a rule validation tool for Grouper v2.2.2. This
should run once a day and it would make sure that every folder down a certain
path contains groups X,Y and Z or every group has "these" privileges. If it
doesn't contain one of these, then it will fix it. We were wondering what is
the best way to do this.

The Grouper Rule Consumer uses the changelog and since we want this to run
daily, we may not have an event occurring at the time of day we want this to
occur, the tool should also check for preexisting groups. Would just creating
some grouper rules be the best way to do this?

Archive powered by MHonArc 2.6.19.

Top of Page