Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Re: [tier-api] TIER Grouper Security Model - GDG V2

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Re: [tier-api] TIER Grouper Security Model - GDG V2

Chronological Thread 
  • From: "William G. Thompson, Jr." <>
  • To: "Hyzer, Chris" <>
  • Cc: "" <>, TIER-API <>, Keith Hazelton <>
  • Subject: [grouper-users] Re: [tier-api] TIER Grouper Security Model - GDG V2
  • Date: Wed, 3 Jan 2018 16:26:48 -0500
  • Ironport-phdr: 9a23:s9dNQxZmZL03nmyZxgqFJ2b/LSx+4OfEezUN459isYplN5qZpsy4ZB7h7PlgxGXEQZ/co6odzbaO6ua4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahfL9+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v9LlgRgP2hygbNj456GDXhdJ2jKJHuxKquhhzz5fJbI2JKPZye6XQctQHS2pcRcZRTzJODZ+gb4UBCOoBOPxXr4j7p1ATqRezCg2hCObpxzRVhHH5wLc63vwjHgHI3AIuEdEAvmnKotrpO6kfSvy1zLDSwDnfc/9axTXw5Y7VeR4hu/GMWrdwfNLfxUYvFgPFilGQqY3/MDOQy+8DsnKX5Pd+W+KvjG4nrhlxoiOoxscqkoXCm4Ybykre+Sl33Y04ItO5SEFnYd6kF5tQsjqXN4RzQsw4QmFovDw2xaEBuZ6+ZSUHzoksyRDYa/yCaYeI4xTjWf6eITd/g3Jld7a/iAio/Ue8ze38U9G4301OripYjNbMtG4C2AbV6sicUPdy4kCh2TOJ2gvO6e9EOVg5mbTaJpI9wLM9k5QTvEfYESPqnUj7g7Oaelk59eWt9+vrfqjpq5qZOoNqlA3xKKIjkdGlD+siKAgBRW2b9Py81LL9+U35R61HjvgsnanYtJDWPN0bprKlDwNM3Ycv9QizAC283NQXmnkHK11FeBaZgITzJ17OJ/X4Ae++g1Sqjjhr2+jLMqPgD5nRLHXOlbnhcLVm5EJAzQc+wsxT645JBbwEPP3/RlL+udndAxMnLQC72f7rCNBn2YMfXWKPDLWZMKTXsVKQ6OMvLPWMZI8SuDb4MPUl6PvugmU4mV8ZZ6WmwZwXaHWgEvR8P0qZeWbsgssGEWoSsQo+VuvqiECaUTFNfXa+Rr885iolB4K8FofOXYStgL2a3CenBZ1aeHpKClGKEXf0aYqEQfEMZzyOIsN/iDALS6WuS5I53xG0qAD606ZnLvbT+iAAqZLj1cZ65/fKmR4o7Tx0Dt+Q02WMT2FvgmMIXCE60Lp+oUx71leMz7J4g/pGGtxP+f9FSBk1OoPBz78yN9enECLQbNqTDB6NQs+nGnt5Gtc6w84cblxVGs6pyA3b0iysRbIZiurYKoYz9/eW4Hn1I8d0zj7pkuEdj14jWtBIMynupLQ5vUCHGIHVk0Kcv6mvfKUYmiXK8THQniK1oEhEXVsoAu3+VncFax6T8I30

Thanks, Chris. This is exactly the kind of input we're looking for.
We're planning on discussing this a little more on the TIER-API call
this Friday, Jan 5th. This is an open call and anyone who's interested
in sharing and discussing the grouper security model is welcome to

Friday, Jan 5th
10 am Eastern, 7 am Pacific, 3 pm London, 4 pm Amsterdam

To join via Phone:
1) Dial one of these numbers or see all numbers -
+1.888.240.2560(US Toll Free)
+1.408.317.9253 (Alternate number)
2) Enter Conference ID: 678543210#

A very rough draft of the deployment guide section is available here:

We currently have two goals in mind for this section: 1) concise
description of the grouper privileges model, 2) TIER recommendations
on how to manage those.

Please feel free to add comments to the doc. Appreciate any thoughts or input.


On Fri, Dec 22, 2017 at 2:30 PM, Hyzer, Chris
>> If you have a long standing or a newish Grouper deployment, how are
>> you managing Grouper privileges? Have you adopted any organizing
>> principles to help maintain them? Running any scripts or Grouper rules
>> to enforce a security model? Adopted a naming convention for grouper
>> security groups? Doing any audit of grouper privileges?
> At Penn we assign privs to groups, and generally in an etc folder, and with
> inherited privs (whichever ones are needed). We default all groups to not
> viewable or readable. We have a descriptive name extension. If one is
> read/update we call it "managers".
> e.g.
> [Folder] :penn:[...]:apps:secureSpace
> [Group] :penn:[...]:apps:secureSpace:etc:secureSpaceAdmins (can ADMIN
> inherited the secureSpace folders/groups/attributeDefs and subobjects)
> [Group] :penn:[...]:apps:secureSpace:etc:secureSpaceManagers (can
> READ/UPDATE inherited the secureSpace folders/groups/attributeDefs and
> subobjects)
> (could have Readers, Viewers, Optins, or whatever is needed)
> Those groups are dependent usually on activeEmployee as a rule, or have a
> rule to email the school/center admins if an org changes of someone in
> those groups...
> Thanks
> Chris

  • [grouper-users] Re: [tier-api] TIER Grouper Security Model - GDG V2, William G. Thompson, Jr., 01/03/2018

Archive powered by MHonArc 2.6.19.

Top of Page