grouper-users - [grouper-users] patches for attestation on folders and reports

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] patches for attestation on folders and reports

From: "Hyzer, Chris" <>
To: " Mailing List" <>
Subject: [grouper-users] patches for attestation on folders and reports
Date: Mon, 19 Aug 2019 08:00:51 +0000
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=isc.upenn.edu; dmarc=pass action=none header.from=isc.upenn.edu; dkim=pass header.d=isc.upenn.edu; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=e0gNJkrTb4QLb9sNGIG6Gwb54BBlo9PSuscmkteRvQs=; b=WXE0r1NsGrU/pzQFpyG9SRHUfKTklVinV1f7oA39BdlltmRHQNFBbmFEgmgIK+ay89bAZBsaITV9zbv8qijPpQK6pmy8ihsSItqS570O3gh5THvK/+e4JcVHaQyXpWfDim0Kfx+t6IynzwcPXL7dDW5FXD2nnldZ58PjwVzpIS6zDnxxMiLYO/9EHh2XpbFoTuTj7HPwE2+ZgRTbz6fg20K4o0WhlXeag+5fNFBJhBS+hPKBfTqRBlvSag0GiiDAnoeeMWKMyhqU1+PO4qPCDL2KUJdpIhbeK+xkop7m9+L7hjXA2X4SCJQq9YUXxV91LfgKBl/Qk5PxMkwleZotoA==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EB7WbO540bNU9bmmjT0yE+w49ZOlfFlHAd5aYx3QPh5XaFvNJv9cIoGEFWe1W9Lq+lM1qQwV9PlJ9o+Is1rjC7IEBePrtDHFrCE2LAdjtzWtfb7uxFq75PiepJmy81JDyB4ajZr+4Cud+8Fhz7fAJXXGxHu3c8lZDRIvjAUB6/XUJLynIx8hYQuCXQcqC9Wi+uQSiV6jCP3SAXTAWphGcIm6rTusVr6WSbmass8vsgjr9IRQypeViPKW6ccLpjOM243XUS477/YXMDteWMIVr0axe92C32ZELD6Ck6KdcDXVpSW2M/VwrMEkiYwkZndeUGoAWAZOkVvc17717xgutw==

Hey,

Patches grouper_v2_4_0_ui_patch_41 and grouper_v2_4_0_api_patch_69 are released. There will be two more sets of patches released today.

Shilen has been working hard on these. Thanks Shilen! The patches solve three major use cases with attestation and are very valuable for deprovisioning/auditors.

If you are attesting (periodically reviewing the memberships) a group, this only really works if the group size is small and the attester knows all the people who should or shouldn’t be in the group (or maybe sets up some composites to help out). You can setup a Grouper report (new feature recently), and can give more information than just seeing the members. i.e. you could have rows for all members, columns for more contact info and job data, and columns for if the user is in a certain org, if they are active staff, if they are active at the institution, if they have taken training, if they are in MFA, if they have logged in recently, if they have had a change in affiliation in the last 6 months. Basically whatever data you have can be in the report. Then you can review groups of any size (since you are filtering by attributes), and can easily see what you need to see.
Applications frequently have multiple groups. Maybe a lot. Adding attestation to the folder or to a bunch of groups is tedious or unmanageable for the attester. You can now add attestation to folders, but not in a way that requires the attesters to look at a lot of groups. You might have noticed recently in Grouper that if you look at a folder, you can see a tab that has memberships of groups in the folder. Another feature here is you can identify certain groups in the config (e.g. activePerson, activeEmployee, activeItStaff), and you can run a real time composite report on the folder memberships. i.e. you can show the memberships of people who are not IT employees. And can remove those memberships as needed quickly. This is a kind of lightweight report. You can attest this! 😊
Again, seeing a composite might not be enough information. So you can do both of the above, by attesting a folder Grouper report. This will show whatever you want it to show, but generally all the users of all groups and any flags or attributes of those users.

If you get this patch and kick the tires let us know 😊

Thanks

Chris

[grouper-users] patches for attestation on folders and reports, Hyzer, Chris, 08/19/2019

List archive

[grouper-users] patches for attestation on folders and reports