Details
Bug
Resolution: Unresolved
Minor
Description
From: Jeffrey Crawford
Sent: Tuesday, December 01, 2015 12:18 PM
To: Chris Hyzer
Cc:
Subject: Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC
Morning Chris,
Reminder of the request to enforce one group membership per folder
Thanks
Jeffrey
Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------
On Tue, Oct 27, 2015 at 12:51 PM, Jeffrey Crawford wrote:
Put a reminder on my calendar for Dec 1, thanks!
Jeffrey
Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------
On Tue, Oct 27, 2015 at 12:47 PM, Chris Hyzer wrote:
Ok, remind me in 6 weeks and I will take care of this for you
Thanks,
Chris
From: Jeffrey Crawford
Sent: Tuesday, October 27, 2015 3:47 PM
To: Chris Hyzer
Subject: Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC
This particular project is not going live until beginning of next year, not super urgent, and we can make do with a manual process in the meantime but it would be sweet to have grouper do it automatically.
Jeffrey
Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------
On Tue, Oct 27, 2015 at 12:45 PM, Chris Hyzer <mchyzer@isc.upenn.edu> wrote:
Ok, we can do folders. Just curious, when do you need this?
From: Jeffrey Crawford
Sent: Tuesday, October 27, 2015 3:45 PM
To: Chris Hyzer
Subject: Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC
Not sure which works best, if someone wanted to categorize policies in sub-folders, would putting the rule on the folder still work? It seems like it's easier to understand, "From this point on, users can only be in one group". I do like the folder idea. Just thinking about what others might do.
Jeffrey
Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------
On Tue, Oct 27, 2015 at 12:37 PM, Chris Hyzer wrote:
You could also do it with an attribute on the groups if you like… either that or like I described below (attribute on a folder)
From: Jeffrey Crawford
Sent: Tuesday, October 27, 2015 3:37 PM
To: Chris Hyzer
Subject: Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC
Yea, I suppose on the folder level that would work, I guess if you are going to be in a policy you'd keep the policies in one folder. At least we are doing it that way.
So yes, within that folder a subject can only be in one group. If they are added to another, they should be removed from the first.
Jeffrey
Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------
On Tue, Oct 27, 2015 at 12:16 PM, Chris Hyzer <mchyzer@isc.upenn.edu> wrote:
So you want a folder where a subject can be in one and only one group in that folder and if in another when added, remove from the other(s), right?
From: Jeffrey Crawford
Sent: Tuesday, October 27, 2015 2:58 PM
To: Chris Hyzer
Cc: Gouper Users List
Subject: Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC
I'm willing to test if you guys come up with something. I can imagine it would be useful to others as well.
Jeffrey E. Crawford
ITS Application Administrator (IdM)
Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------
On Tue, Oct 27, 2015 at 11:14 AM, Chris Hyzer wrote:
I think a hook is better for this… until we have better rule support for this
If you need help let me know
Thanks,
Chris
From: Jeffrey Crawford
Sent: Tuesday, October 27, 2015 2:13 PM
To: Chris Hyzer
Cc: Gouper Users List
Subject: Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC
There are about 8 or 9
Jeffrey
Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------
On Mon, Oct 26, 2015 at 10:00 PM, Chris Hyzer wrote:
Are all the groups in one folder? If it's 4 groups only forever then some rules might work. Otherwise might need a hook and java logic.
-------- Original message --------
From: Jeffrey Crawford
Date: 10/26/2015 3:44 PM (GMT-05:00)
To: Chris Hyzer
Cc: Gouper Users List
Subject: Re: [grouper-users] Auto removal on groupA or groupB when "added" to groupC
This is more like a trigger. Let's say you have 4 policies for a service:
policy1
policy2
policy3
policy4
The system can only map a user to a single policy. Since we are representing this with groups a member can only be a member of one of the above groups.
So if for example someone changes jobs and needs to move from policy1 to policy3, however the person managing the groups forgets to remove the user out of policy1 then they are a member of two policies, which can cause bad behavior. Therefore if grouper can trigger a job when a user is added to policy3 to make sure said member is removed if they exist in policy1, policy2 or policy4.
Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------
On Mon, Oct 26, 2015 at 11:22 AM, Chris Hyzer wrote:
Can you give a more explicit example please?
Groups can be members of other groups. i.e.
GroupA has GroupB as a member, and GroupB has jsmith as a member
GroupA2 also has GroupB as a member, which also means jsmith is an effective member of GroupA2.
If you remove jsmith from GroupB, then jsmith will then not be an effective member of GroupA or GroupA2. Is that what you want?
Thanks,
Chris
From: grouper-users-request On Behalf Of Jeffrey Crawford
Sent: Monday, October 26, 2015 2:19 PM
To: Gouper Users List
Subject: [grouper-users] Auto removal on groupA or groupB when "added" to groupC
I know the RuleApi allows you to remove from groupA if removed from groupB, however we have a concept of "profiles" which require that a user is only a member of a single group in a particular series of groups.
I was wondering if you have such a concept since trying to remember to remove someone from a group if they are added to another group is error prone.
Jeffrey
Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------
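The folder-scoped rule requested in this thread (a subject holds at most one membership among the groups in a folder, and adding to one group removes the subject from the others), modelled as an added example; it is not Grouper code and not from anyone in the thread. The class, the `subFolders` switch and the colon-separated group names are constructed for illustration, and only direct memberships are modelled.

```java
import java.util.*;

// Model only: nothing here is Grouper API. In Grouper the add() logic would sit
// in a hook that runs when a membership is added (assumption, per the thread).
public class OneGroupPerFolder {
    // group name -> direct (immediate) members; effective membership gained
    // through a nested group cannot be removed this way and is not modelled.
    private final Map<String, Set<String>> direct = new TreeMap<>();
    private final String folderPrefix; // folder carrying the rule, plus ':'
    private final boolean subFolders;  // does the rule also cover sub-folders?

    OneGroupPerFolder(String folder, boolean subFolders) {
        this.folderPrefix = folder + ":";
        this.subFolders = subFolders;
    }

    // A group is in scope if it sits directly in the folder, or anywhere
    // below it when sub-folders are covered.
    private boolean inScope(String group) {
        if (!group.startsWith(folderPrefix)) return false;
        return subFolders || group.indexOf(':', folderPrefix.length()) < 0;
    }

    // Add the subject, then remove it from every other in-scope group.
    // Returns the groups the subject was removed from, for the audit trail.
    List<String> add(String group, String subject) {
        direct.computeIfAbsent(group, g -> new TreeSet<>()).add(subject);
        List<String> removed = new ArrayList<>();
        if (!inScope(group)) return removed; // adds elsewhere never trigger removal
        for (Map.Entry<String, Set<String>> e : direct.entrySet()) {
            boolean other = !e.getKey().equals(group) && inScope(e.getKey());
            if (other && e.getValue().remove(subject)) removed.add(e.getKey());
        }
        return removed;
    }

    public static void main(String[] args) {
        // Constructed sample data: rule on app:policies, sub-folders not covered.
        OneGroupPerFolder rule = new OneGroupPerFolder("app:policies", false);
        rule.add("app:policies:policy1", "jsmith");
        rule.add("app:other:staff", "jsmith");              // outside the folder
        rule.add("app:policies:archive:policy0", "jsmith"); // sub-folder group
        System.out.println("removed from: " + rule.add("app:policies:policy3", "jsmith"));
        System.out.println("memberships:  " + rule.direct);
    }
}
```

Constructing the rule with `true` instead of `false` extends it to sub-folders, so the same final add would also remove the subject from the `archive` group.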