grouper-users - [grouper-users] RE: [tier-api] TIER Grouper Security Model - GDG V2
Subject: Grouper Users - Open Discussion List
- From: "Hyzer, Chris" <>
- To: "William G. Thompson, Jr." <>, "" <>, TIER-API <>
- Subject: [grouper-users] RE: [tier-api] TIER Grouper Security Model - GDG V2
- Date: Fri, 22 Dec 2017 19:30:46 +0000
> If you have a long standing or a newish Grouper deployment, how are
> you managing Grouper privileges? Have you adopted any organizing
> principles to help maintain them? Running any scripts or Grouper rules
> to enforce a security model? Adopted a naming convention for grouper
> security groups? Doing any audit of grouper privileges?
At Penn we assign privs to groups, and generally in an etc folder, and with
inherited privs (whichever ones are needed). We default all groups to not
viewable or readable. We have a descriptive name extension. If one is
read/update we call it "managers".
e.g.
[Folder] :penn:[...]:apps:secureSpace
[Group] :penn:[...]:apps:secureSpace:etc:secureSpaceAdmins (can ADMIN inherited the secureSpace folders/groups/attributeDefs and subobjects)
[Group] :penn:[...]:apps:secureSpace:etc:secureSpaceManagers (can READ/UPDATE inherited the secureSpace folders/groups/attributeDefs and subobjects)
(could have Readers, Viewers, Optins, or whatever is needed)
Those groups are usually dependent on activeEmployee as a rule, or have a
rule to email the school/center admins if an org changes for someone in those
groups...
Thanks
Chris