Details
-
Documentation
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
Description
- Grouper Security Model - Bill Thompson
- Priv management is quite complex
- 8 priv on groups
- 8 on groups
- 6 on folders?
- Lots of combinations
- Grouper team made some decisions around how defaults should work
- Grouper Team should be more aware to explain how the default privileges work, perhaps in a separate table
- Guide to get someone up and running would be helpful
- Tutorial doc for initial deployers or adopters
- There is currently lots of Grouper documentation but not enough simple doc for beginning deployers, showing step 1, then step 2
- The info is there but there is not organized from mindset of how to get up and running
- Priv management is quite complex
- Related to priv management within Grouper
- Call out admin and security groups in GDG
- But not much guidance on how to manage
- Some work on how to understand what the privileges are and what is required.
- There may be a gap in the reference docs , We may want to add more in the admin guides
- The draft has info that belongs in various buckets, how to doc, reference doc, conceptual best practice
- Table lists all the priv and admin actions, this is good ref doc for the Grouper project
- Some Grouper features works only on Groups not on privileges
- Oregon State: this Grouper Security Model draft has good value, would be helpful, though hard to keep up to date,
- BillT: Survey of the Grouper deployments could help
- Chris: Looking at modules in the future, Grouper team should try to err on side of simplicity
- Matt: Good to have advanced features behind an “advanced” button
- Chris: we do have a lot in the UI behind the “More” menu
- For Grouper 2.6 we may want to simplify the menus in the Grouper UI
- Improve Info architecture around menus and tabs
- Grouper team should work more on documenting the privileges, folding in Bill’s Security Model draft.
- Matt: people learn this material organically
- Look from a code level backwards? Share the unit tests?
- Bubble up to a user doc set
- Jason Rappaport: took training at Madison, but still working to get up a Proof of Concept.
- Chris: GDG should help with how to get Grouper up and running and how to get an app up and running w Grouper
- Chris: about to announce configuration in database, which will lead to more Wizards in the UI
- Configuration might be an “I want to…” button
- “I want to connect to AD”
- Matt: in future, perhaps cross linking the Grouper UI back to the wiki
- Link the actual doing to the HOW TO docs
- Could have a search box in Grouper UI to search the Grouper wiki
- Shilen: the wiki doc assumes an admin is using it, would need to be dumbed down if there is a link to it from the Grouper UI
- Could create a more curated wiki area , for in-page help text
- Or have better in-page help
- Summary: in the future, provide better documentation on how Grouper privileges work:
Can use as a starting point the Grouper Security Model GDG V2 https://docs.google.com/document/d/1Zgb708hFJjk49kw6SGCfP1ZrcHYEka5i5GRni0z7iyA/edit#- Could be another guide, or an appendix
Attachments
Issue Links
- is related to
-
GRP-2533 Grouper security model and administrative access control
- Open