Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-1498

People vs Account Subjects

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • subject API
    • None

    Description

      Georgia Tech tracks people and accounts separately. A single person might have multiple accounts while they transition from one account to another, or in order to separate resource ownerships or to separate administrative access from normal, non-administrative access. We also keep track of application/service accounts separately, but those don't represent the person and are separate. We have two subject sources tied into grouper.

      Generally, the following restrictions work best:

      • Business groups (Engineering-Faculty) are best limited to Person subjects
      • Administrative groups (Root Access) are best limited to Account subjects
      • Many service groups (BiologyIntranet-Users) are best when they support Person subjects
      • Services tied to usernames are best when they integrate with Account subjects

      This issue is requesting support for attributes that document restrictions a group should have on its subjects. Nested groups that might contain both People and Accounts would only add the appropriate subjects to the destination group (this can be done with intersection math). Manually adding the wrong kind of subjects would either error or translate from the selected subject into the correct subject.

      We have hooks to share that implement these, however the conversion is pretty specific to Georgia Tech.

      Attachments

        Activity

          People

            chris.hyzer@at.internet2.edu Chris Hyzer
            bert.beelindgren@at.internet2.edu Bert Bee-Lindgren
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: