Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Web app environment-specific groups?

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Web app environment-specific groups?


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: Peter DiCamillo <>, Tomo O'BRIEN <>, "" <>
  • Subject: RE: [grouper-users] Web app environment-specific groups?
  • Date: Fri, 8 Dec 2017 19:58:29 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:8mVwBR9jdLvNSP9uRHKM819IXTAuvvDOBiVQ1KB+0+oQIJqq85mqBkHD//Il1AaPBtSLraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze6/9pnQbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDtU7s6RSqt4LtqSB/wiScIKTg58H3MisdtiK5XuQ+tqwBjz4LRZoyeKfhwcb7Hfd4CRWRPQNtfVzBPDI2/YYsADesBMvpXoITmvVQCsQeyCBOwCO/zyDJFgGL9060g0+QmFAHLxAIsEdAOsXXVstr1Lr8eWv2rwanI1zXDbuhW1Tng44XPdxAuvfGMXLJxcMXP00kiDALFjk6MpoD/IjOVzvoCs26d7+Z6S+2glnMnphh3rzOyxckskpHEipwPxVzY6Cl0xZs5KcClREN+b96pH4dcuz2fOoZ0XMwvTGFltSM/x7EYpZK2fjAGxIkpyhLDcfCKd5WE7gj9WOqMJTp0nm9pdbC+ihu07EOu0PfzVtOu31ZPtidFksfDtnQK1xHL8saKVvxz8lu/1TqWyQ3c6PxILVkzlaXANZEt2LkwlocPsUvYGS/2hUP2g7KMekU84Oio7Pjnbav6qZ+ANo90jQf+Pr4pmsyiHeQ4Ng8OX2+Y+eimyLLj+kj5TK1Ljv0wjKbZrIjXKdoBqaKlHgNY15sv5wuiAzqj3tQVkmULIE5AdR+FkYfkNFHDLfX9APuhn1ihki9nx/XcMb3gBpXNIGLDkLDkfbtl7k5T1AozzNBe5p1KELEMO/PzWlTtu9DCEx85KxK7w+DhCNlnyIwRRH+PDreDMKzOqV+I+v4vI+6UaY8aojb9LOUl5+bwgn8jgFMdYLKp0oUNaHCjBflmJ0SZYWHwgtcaD2sGpAs+TOr2iFKcSz5TYWi9X74i6j0hFo2pEJrDFciRh+m50Tu2BNV6Z0tPD1GIFXCgI52JR/oWXy6TKcZkkzgAUpCrUYg+01ejuBKsj/JbKe/TsgpXn6jC+f49s/HUkBYa/zFuDMmZ3nDLQm1pyCdADTAs271nrFY410yOy7NQgvpEGMZV6u8TFAo2KNSUm+NgDM3qVxiEY8yEUk2OQ9O6DCs3Q85rhdICfhAuNc+li0WJ/zu4DqVR35eLHp0vuOqI2nPxNtRw0V7Hz6JnkkErRM0JOGG70P0svzPPDpLExh3K352hcr4RiWuUrD+O
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

We’ve done multiple things for various apps as well:

 

1.       The way that Peter said

 

penn:app:someApp

penn:app:someAppTest

penn:app:someAppDev

 

2.       We have a main folder “penn”, and another main folder “test”, which somewhat mirrors that.  So the folders would be:

 

test:app:someApp

 

3.       We also have a test env for grouper, which some apps use:

 

{prod endpoint} -> penn:app:someApp

{test endpoint} -> penn:app:someApp

 

I think the last option is not good because the test env is not up all the time e.g. during upgrades.

The second option is not good unless there are only two envs (prod and non prod)

First option works J

 

Thanks

Chris

 

From: [mailto:] On Behalf Of Peter DiCamillo
Sent: Friday, December 08, 2017 1:20 PM
To: Tomo O'BRIEN <>;
Subject: Re: [grouper-users] Web app environment-specific groups?

 

When we've done that, we've used folders for the different environments. The APP folder would contain PROD, QA, and DEV folders (or whatever environments you require.) In each environment folder there would be individual role groups, such as Owners, Developers, and Testers as you mentioned. So one group might be APP:QA:Testers. I don't know that there's any Grouper best practice for this. I'd like to know about it if there is.

Peter

On 12/8/17 12:49 PM, Tomo O'BRIEN wrote:

Hi folks,

 

We're interested in environment-specific groups like {APP}-Dev, {APP}-QA, {APP}-UAT, {APP}-Prod so we can have appropriate permission groups for each environment. 

 

I haven't seen this pattern described on the wiki but maybe I'm just not looking in the right places?  Has anyone developed a naming/composite structure for this situation?

 

I'm thinking about something like:

 

{APP}Owners (functional owners)

{APP}Developers 

{APP}Testers 

 

{APP}-DEV (union of Owners + Developers or maybe just Developers)

{APP}-QA (union of Owners + Testers)

{APP}-PROD (just Owners)

 

At some point we'd also have an intersection with our Employees + include - exclude group -- not sure where this is best positioned - after the ad hoc owners/developers/tests group or after the union of owners+testers or developers

 

Any thoughts or suggestions would be appreciated!

 

Thanks!

 

Tom O'Brien 

 

 

 


Archive powered by MHonArc 2.6.19.

Top of Page