Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Advice on automating nested groups

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Advice on automating nested groups


Chronological Thread 
    < Chronological >      < Thread >
  • From: "Hyzer, Chris" <>
  • To: "Coleman, Erik C" <>, "" <>
  • Subject: RE: [grouper-users] Advice on automating nested groups
  • Date: Fri, 29 Mar 2019 19:58:24 +0000

I do that with the loader.  Might mean some delay on how soon the groups get added to the larger group, I run mine every 30 minutes…  I could picture a rule doing that, but ive never done it.   If you want to go down that path I could investigate.  But with a rule someone could unassign the group.  Maybe we need a rule and a loader?  Or a way to hook up real time loader to the loader job?

 

Heres an example:

 

https://spaces.at.internet2.edu/display/Grouper/How+to+automatically+include+groups+with+a+name+pattern

 

Thanks

Chris

 

From: <> On Behalf Of Coleman, Erik C
Sent: Friday, March 29, 2019 3:53 PM
To:
Subject: [grouper-users] Advice on automating nested groups

 

I’m curious if anyone has been challenged and found a solution to automatically “nest” groups into larger groups, based on some pre-defined matching criteria.  The use-case here is that we have some applications that want to use a large quantity of Grouper groups for some pretty specific access controls, organized in multiple folders, and then have larger groups that are an accumulation of all these smaller groups, for example, the members are all the groups in the “app:web:index” folder.  By hand, this is simple, merely add the smaller groups as members of the larger group, but it involves remembering and making sure we add any newly-created smaller groups to that group.  I tried brainstorming and came up with a few approaches:

 

  1. Use a Loader job.  It seems to me we could query Grouper itself for a match of groups, then just insert them as members, though I’m curious what such a query and loader config would look like.
  2. Set up a rule.  I don’t know much about Grouper rules, but I’ve set them up to establish inheritance of access controls.  Would seem to me, that maybe we could have a rule that if a group is created in a folder, add it as member to another group?
  3. Script it externally using GSH or Web Service.  This would give greatest control to the application to just double-insert memberships, but the learning curve for the API is a bit steep. 
  4. Use custom attributes.  Would probably still require one of the above methods, but you could assign an attribute, then something queries for that attribute and inserts all groups that have that attribute set.

 

If anyone has accomplished this, would you be willing to share your queries or methods?

 

Thanks!

 

Erik Coleman

University of Illinois at Urbana-Champaign

 


Archive powered by MHonArc 2.6.19.

Top of Page