grouper-users - RE: [grouper-users] Grouper Question
Subject: Grouper Users - Open Discussion List
List archive
- From: "Redman, Chad" <>
- To: "Black, Carey M." <>, "Hyzer, Chris" <>, Angel Fancher <>, "" <>
- Subject: RE: [grouper-users] Grouper Question
- Date: Wed, 18 Sep 2019 15:54:14 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=unc.edu; dmarc=pass action=none header.from=unc.edu; dkim=pass header.d=unc.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A3ja/AnoH8zMFi9qKkh+kjf6UsoWRywmRaBvc2MxtDk=; b=exMFxk8J3VbUxU9x+atY3vjjy5QJpDwXImh1Ah5rqtaWLtbXL1rgBH1lLSRAGYh38GmRMQLRWMa66aJO2erv0LjNgJzhN8OBtNWm/sOoHc0vzUs79dZLHlvmj4GIzvGRnPIXbDmrEANTtejAE0CN+b3lX4mBy7YheaCnw1NhGyXLr3SUHYQt6HtnL5m7YTe6slyMJdQPYdZCK0HjMskEWV1Qqw5UX38DlALvsGO2yzGNLUG9o7PtGjgUiAv3XXtcavVXmK0LyIo6eIOtY4p6MKdmDwoEoEWzXvMqrt2jWnTFW4iWNQJoAvmcZKeIFGGoOJRxQ2qY+HjMA0mmDe7rsA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nVwa4u9sXAzBD1tlkqg0daEkqzMX3Px2f4+V3uTZKVeNGqDm3+S6T9lqAMaB0K0xGqiODGOCNGyNYxjulPuZ/X8ELcKdC0SenG0L+lHZHb+07/9xx61FXSIc7dbtiwOn1DjhT1H9FE6s1FIpDpfbJbhMFMca3THWs6n9908nKaDv4aLse8mnExFYsvQoSR5FRWmQP0e3NsAzZ6zKcaPnS8h9TFH2pYj2QNaeaSxsTQV7Vk5izaFGDB8TZY/xaQZZBz4GujV0IqazeZshdy28q0eQzQNwCLtFbPQsGJh6LwRXHA+NiatyBKwStjMt6AXP/71LESo7WAlMs80KbdQ6RQ==
I guess I've never looked at this in detail before. It looks like nothing ever gets deleted from the grouper_members table? USDU will delete memberships and privileges for members in use where it can't resolve to a subject, but doesn't affect the members themselves. So the group/stem UI still shows the user's last known name, per the last time it was resolvable.
From: [mailto:]
On Behalf Of Redman, Chad
It would be an interesting thing to test. For memberships of course this happens, and that's why there is the USDU utility to clean them up. But if it's the creator attribute? It's just a foreign key field in the groups/stems tables rather than in a relation, so it would be used differently, *if* it's used. There is the UI, but also api and WS calls that may try to link it up to the unresolvable. I'm curious, so I can try this out and report back.
Carey, good find on the methods. There are setCreatorUuid methods for stems, groups, memberships, and composites. So they would all need to be fixed :)
creatorUuid looks to be using Member.getUuid(), so also correct!
-Chad
From: []
On Behalf Of Black, Carey M.
Angelique,
I don’t think I understand your concerns. What do you think will break?
“…and I am wondering how that will affect the folders and groups going forward? “ To my knowledge it will not have any effect. I suspect the owner (display value) might be “odd”, but I would hope that would be ok too. In fact I would be a bit disappointed if the display string even changes. I would hope that enough data would be cached in the Member tables to still display something. But I have not tested that idea.
Do you have any existing examples currently? Are you doing something “else” with your Subject API’s in the upgrade process?
FWIW: I have chosen to have a Subject source directly tied to our IDM system, and it’s primary identifier, to avoid this issue. ( Currently we do not “throw away” identities. )
As far as I know the only concern I would have would be about access controls to the folder. Until v2.3 patch (38?) the creator always got “admin” privileges directly assigned to them. ( In the patch Grouper stopped doing that if the creator was also in a group that had Admin.) However that “problem” would happen as soon as the individual ( assuming they were the only person who had admin to that folder ) left the organization. So that issue is not triggered by the Subject API not being able to resolve them.
I have not looked at the API for this feature before… However a quick look…. Maybe this would work? Class edu.internet2.middleware.grouper.Stem
Has a method: public void setCreatorUuid(String creatorUUID) { . . . } and public void store() { . . . }
So I would think that GSH ( or any other API ) could find the Stem, then call those two methods to alter the value. NOTE: UUID is likely the grouper ‘Member ID’ value that you see when you expand the “More” list on the member. ( But I am guessing at that. )
-- Carey Matthew
P.S. RE: “blind email” … Isn’t that what mailing lists were created for? 😊 P.S.S. If you want to discuss more details off list, feel free to send directly to me.
P.S.S. I just saw that Chris also responded… So “What he said.” 😊 No wait.. I will reply to his email instead… ( copy and paste ensued…)
-- Carey Matthew
From: <>
On Behalf Of Hyzer, Chris
I think you will see their subject id if they are not resolvable… right? so you don’t need to worry about it, just do your upgrade. If an error is thrown we can fix that.
If you want to do some sql you could change them… otherwise theres not really a way to change the creator since the creator is the creator 😊
thanks
From: <>
On Behalf Of Angel Fancher
I am trying desperately to find the answer in the Grouper 2.4 and 2.2 documentation but I am coming up a blank. I seem to be going around in circles and wondered if you could direct me to the right area?
In folders in Grouper, how can the creator be changed? In this instance, as we move to upgrade from 2.2 to 2.4 we have creators of groups that are no longer with the University and so no longer on LDAP and I am wondering how that will affect the folders and groups going forward?
Sorry to send a blind email, but I am getting desperate!! We don't think there is a way in the UI. I wonder if there is a way with the API?
-- Angelique Fancher
Identity and Access Management Systems Analyst West Bank Office Building, 626-A University of Minnesota Minneapolis, MN 55414 612-301-9186 |
- [grouper-users] Grouper Question, Angel Fancher, 09/12/2019
- RE: [grouper-users] Grouper Question, Hyzer, Chris, 09/13/2019
- RE: [grouper-users] Grouper Question, Black, Carey M., 09/13/2019
- RE: [grouper-users] Grouper Question, Redman, Chad, 09/13/2019
- RE: [grouper-users] Grouper Question, Redman, Chad, 09/18/2019
- RE: [grouper-users] Grouper Question, Redman, Chad, 09/13/2019
- RE: [grouper-users] Grouper Question, Black, Carey M., 09/13/2019
- RE: [grouper-users] Grouper Question, Hyzer, Chris, 09/13/2019
Archive powered by MHonArc 2.6.19.