Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-2360

rule to support "patterns" in sets of folders

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • None
    • None

    Description

      rule to support "patterns" in sets of folders.rule to support "patterns" in sets of folders.   tag a set of folders with a "pattern" attribute.

      Two Rules:

      1) "model folder" to "worker folders" Two attributes to mark folders: Model Folder Attribute ( MFA ) Sign assigned, folders Worker Folder Attribute ( WFA ) Multi assigned, folders

      2) "all folders" to "all folders" One attribute to mark folders: Pattern Folder Attribute ( PFA ) Multi assigned, folders

      Rule would "watch for changes" in a folder ( marked with MFA or PFA) and would replicate those changes to other folders ( MFA --> WFA(s), or PFA --> other PFA(s) ).

      Rule would support the following things to "replicate":

      5 separate things that can be individually replicated:

           Folders, Groups, Attribute Def (and their attribute Names), Local Entities,privileges.

           Each replication configuration has an optional value

        data values for each replicant:["new","enforced"]

           new = all new folders created in (MFA or WFA) are propagated to target folders.

           enforced = new + target folders disallow new folder creations unless they are in the model. ( not applicable for PFA's )

           NOTE: Do not automate removal of folders from the Model/PFA. Leave that "destruction of date" to a human.

       

      I hope the logic for these replicants is straight forward: "Folders, Groups, Attribute Def (and their attribute Names), Local Entities".

           Basically create new objects in the target locations.

      However "privileges" gets much more interesting.

           If the subject from the privileges is NOT contained in the MFA (or PFA ) then the privilege is an absolute privilage and should be replicated exactly.

           If the subject from the privileges is self contained in the MFA (or PFA ) then a relitive privilege should be created on the target(s).

      Example.
      MFA 

      • sub folder A
        •  group="...:MFA:sub folder A:Admin"

      AND    

      • sub folder A has a privilege that assigns "...:MFA:sub folder A:Admin" Admin privilege
      • sub folder A has a privilege that assigns ":etc:Admin" Admin privilege

      Then all WFA's( Or PFA's) that have a 'WFA:sub folder A', and a group "...:WFA:sub folder A:Admin"  should have Admin privileges to the 'WFA:sub folder A'

      Then all WFA's( Or PFA's) that have a 'WFA:sub folder A',  should have Admin privileges to the ":etc:Admin" subject on the 'WFA:sub folder A'

       

      I might be forgetting other objects that could be replicated, but the idea is that all Grouper objects could be included in the replication process.

      Attachments

        Activity

          People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            carey.black@at.internet2.edu Carey Black (osu.edu)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: