grouper-users - Re: [grouper-users] example basis and reference groups?
Subject: Grouper Users - Open Discussion List
List archive
- From: Andrew Jason Morgan <>
- To: Liam Hoekenga <>, Bill Thompson <>, "Hyzer, Chris" <>
- Cc: Grouper Users <>
- Subject: Re: [grouper-users] example basis and reference groups?
- Date: Wed, 16 Dec 2020 05:46:43 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oregonstate.edu; dmarc=pass action=none header.from=oregonstate.edu; dkim=pass header.d=oregonstate.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cpfFKlHH8mpu7bdfJVxPc46/godTbejFI8XcZ7UcIEw=; b=JUe6LLbBBIw9K8X0dO4EC7z3aB9AmdMfO3mVLwfAF5hkb6lpRtUfmPplqC7FXYyIYBEhLTbbU3SuR3A+oBrN2sFyXs0N/c8ZDbjeIb9snY0HK4hV8Sr/gn2ZBcBcHUX7XQ4R7s2U5bq3n4ZEeUNmb0xbXVlTlUmuP9aHM+ihFYp0Eb6oL5SW2AXV8m0APjtekCvWg4V5RvWlpd/z5s5vcchBC0d+dHDjNEAvjBQlut48wHz0YFcIPsyFfFsCTVn5/SgIFiZ/glDsoLkol6OV9otG0U/cd+cZX38dDdSP5jPanMbSSiW4TGebiIb0ruNdeZocm72tyBzMFyrmmprCLQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dyVXtqEvaEVffM2bl2N3T+gVWZ6eBpLhHKCbdJ+axe/JRrtEMbtX7szxU74sm/suRjOfCZSLCIqEbbfhhv71kzfVE4N3g4qhoJywqRhgY31EgIbbGpOtzYevKCPLssX+gPhi9V4oXtUChVbcMPwdY3d7PyLa9d2ybefZVkMeKgfVNJc5iH3FCzTlVJNP6ERePa1xhBzaOCjtInzrby0brP2oldwRQromR/VtU7/Y4ohpAUyl8pD0fioCNa4ncgmDt4fiiv+mEYKFiOnRP1v5PpXVmHnLd3+9VXhHeItHSpiQgLks7er80mMSLdet1B0+5+dyVXvsS7Yd7Ho/fBaEZA==
One reason to always create a reference group is that it allows IAM to modify basis groups without updating policy groups. If you don't have a layer of abstraction between the loader job and the access policy, it is harder to make changes to loader jobs.
Andy
From: <> on behalf of Hyzer, Chris <>
Sent: Tuesday, December 15, 2020 12:04 PM
To: Liam Hoekenga <>; Bill Thompson <>
Cc: Grouper Users <>
Subject: Re: [grouper-users] example basis and reference groups?
Sent: Tuesday, December 15, 2020 12:04 PM
To: Liam Hoekenga <>; Bill Thompson <>
Cc: Grouper Users <>
Subject: Re: [grouper-users] example basis and reference groups?
[This email originated from outside of OSU. Use caution with links and attachments.]
One specific question though. If a dept code 1234 is arcane but also institutionally meaningful, then is that a basis or a reference? It is used in policies and has properties of both ref/basis. My gut says reference since it is used in policies, but I could
also see that as basis. Maybe just pick one and doesnt matter that much since its a gray area? I think classlists could be a similar situation... course F2020_eng_cis_101 is both arcane and institutionally meaningful and is used in policies... thoughts?
🙂
From: <> on behalf of Bill Thompson <>
Sent: Tuesday, December 15, 2020 12:37 PM
To: Liam Hoekenga <>
Cc: Grouper Users <>
Subject: Re: [grouper-users] example basis and reference groups?
Sent: Tuesday, December 15, 2020 12:37 PM
To: Liam Hoekenga <>
Cc: Grouper Users <>
Subject: Re: [grouper-users] example basis and reference groups?
Indeed. Policy groups should be service specific and backed up by reference/basis groups that can be used in any policy where they are needed.
On Tue, Dec 15, 2020 at 12:34 PM Liam Hoekenga <> wrote:
Hey Bill!
That would be fantastic. I'll contact you off list.
> Generally we let access policy requirements drive what reference and basis groups we have.We've been warned about making groups that were too specific / implemented for very specific uses. I've been hoping we could generalize some stuff and make some broadly useful groups.
Liam
On Tue, Dec 15, 2020 at 11:19 AM Bill Thompson <> wrote:
Hi Liam,
Happy to jump on a call to review Lafayette's setup. Generally we let access policy requirements drive what reference and basis groups we have.
Best,
Bill
On Tue, Dec 15, 2020 at 11:27 AM Liam Hoekenga <> wrote:
We're trying to figure out how we want to slice and dice our HR data into basis and reference groups. I'm aware of the "arcane codes" vs "institutionally meaningful" descriptions.. but it feels like some of our arcane codes might be institutionally meaningful (e.g. "department ID number").
I was hoping people might be willing to share samples of what they've implemented?
thanks!--Liam HoekengaITS Identity and Access ManagementThe University of Michigan
- [grouper-users] example basis and reference groups?, Liam Hoekenga, 12/15/2020
- Re: [grouper-users] example basis and reference groups?, Bill Thompson, 12/15/2020
- Re: [grouper-users] example basis and reference groups?, Liam Hoekenga, 12/15/2020
- Re: [grouper-users] example basis and reference groups?, Bill Thompson, 12/15/2020
- Re: [grouper-users] example basis and reference groups?, Hyzer, Chris, 12/15/2020
- Re: [grouper-users] example basis and reference groups?, Andrew Jason Morgan, 12/16/2020
- Re: [grouper-users] example basis and reference groups?, Black, Carey M., 12/16/2020
- Re: [grouper-users] example basis and reference groups?, Bill Thompson, 12/16/2020
- Re: [grouper-users] example basis and reference groups?, Michael Gettes, 12/16/2020
- Re: [grouper-users] example basis and reference groups?, Hyzer, Chris, 12/16/2020
- Re: [grouper-users] example basis and reference groups?, Black, Carey M., 12/16/2020
- Re: [grouper-users] example basis and reference groups?, Bill Thompson, 12/16/2020
- Re: [grouper-users] example basis and reference groups?, Hyzer, Chris, 12/23/2020
- Re: [grouper-users] example basis and reference groups?, Black, Carey M., 12/16/2020
- Re: [grouper-users] example basis and reference groups?, Andrew Jason Morgan, 12/16/2020
- Re: [grouper-users] example basis and reference groups?, Hyzer, Chris, 12/15/2020
- Re: [grouper-users] example basis and reference groups?, Bill Thompson, 12/15/2020
- Re: [grouper-users] example basis and reference groups?, Liam Hoekenga, 12/15/2020
- Re: [grouper-users] example basis and reference groups?, Bill Thompson, 12/15/2020
Archive powered by MHonArc 2.6.19.