Details
-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
-
None
Description
rule to support "patterns" in sets of folders.rule to support "patterns" in sets of folders. tag a set of folders with a "pattern" attribute.
Two Rules:
1) "model folder" to "worker folders" Two attributes to mark folders: Model Folder Attribute ( MFA ) Sign assigned, folders Worker Folder Attribute ( WFA ) Multi assigned, folders
2) "all folders" to "all folders" One attribute to mark folders: Pattern Folder Attribute ( PFA ) Multi assigned, folders
Rule would "watch for changes" in a folder ( marked with MFA or PFA) and would replicate those changes to other folders ( MFA --> WFA(s), or PFA --> other PFA(s) ).
Rule would support the following things to "replicate":
5 separate things that can be individually replicated:
Folders, Groups, Attribute Def (and their attribute Names), Local Entities,privileges.
Each replication configuration has an optional value
data values for each replicant:["new","enforced"]
new = all new folders created in (MFA or WFA) are propagated to target folders.
enforced = new + target folders disallow new folder creations unless they are in the model. ( not applicable for PFA's )
NOTE: Do not automate removal of folders from the Model/PFA. Leave that "destruction of date" to a human.
I hope the logic for these replicants is straight forward: "Folders, Groups, Attribute Def (and their attribute Names), Local Entities".
Basically create new objects in the target locations.
However "privileges" gets much more interesting.
If the subject from the privileges is NOT contained in the MFA (or PFA ) then the privilege is an absolute privilage and should be replicated exactly.
If the subject from the privileges is self contained in the MFA (or PFA ) then a relitive privilege should be created on the target(s).
Example.
MFA
- sub folder A
- group="...:MFA:sub folder A:Admin"
AND
- sub folder A has a privilege that assigns "...:MFA:sub folder A:Admin" Admin privilege
- sub folder A has a privilege that assigns ":etc:Admin" Admin privilege
Then all WFA's( Or PFA's) that have a 'WFA:sub folder A', and a group "...:WFA:sub folder A:Admin" should have Admin privileges to the 'WFA:sub folder A'
Then all WFA's( Or PFA's) that have a 'WFA:sub folder A', should have Admin privileges to the ":etc:Admin" subject on the 'WFA:sub folder A'
I might be forgetting other objects that could be replicated, but the idea is that all Grouper objects could be included in the replication process.