Details
-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
Description
From: grouper-users-request@internet2.edu grouper-users-request@internet2.edu
On Behalf Of Shaun Koh
Sent: Friday, 8 July 2016 4:54 p.m.
To: grouper-users@internet2.edu
Subject: [FORGED] [grouper-users] Assistance required determining privilege event from rule trigger. – attribute assignment
Hi there,
I was wondering if there is a way to determine when a rule is triggered by a privilege event (e.g. add,delete,etc) ?
Specifically, I’m attempting to veto/reject `Admin` privilege assignments to groups within a folder (inc. sub-folders) if the object being assigned the privilege (group or user) is not a member of a certain group (e.g. an admin group).
The closest assignment value I could find is `subjectAssignInStem` for the `ruleCheckType` attribute which checks if there is a membership add, privilege add, permission add, etc.
Please let me know if I am not being clear enough.
Cheers,
Shaun K.