Details
-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
Description
There are times that limiting the number of members in a group has value.
It would be helpful to have data driven (attribute based) limits that could control the
subject source(es)
and number ( MAX and MIN) of subjects from those sources for a given group.
and a "only subject sources" list too.
Suggested: Throw a veto of the membership add when a violation happens.
Advanced option: Make the veto configurable to a "warning" and send email instead of a veto.
Example uses:
MIN = 2 --> prevent having a group with only one member. Useful for "admin" groups.
MAX = 50 --> useful for limiting due to licensing or other external limits on a provisioned service
source "g:isa" could be excluded ( by setting MAX =0 ) if nesting groups are disallowed.
source "g:gsa", could be excluded ( by setting MAX =0 ) if nesting groups are disallowed.
source "grouperEntities", could be excluded ( by setting MAX =0 ) if grouper Entities are disallowed.
etc....
I picture a set of attributes like:
groupLimits
sourcesAllowed = "gisa,g:gsa,jdbc" // only allow these three sources as members
sourceMaxLimit = "g:isa=0" // limit direct and indirect membership adds
sourceMaxLimit = "g:gsa=0"
sourceMaxLimit = "jdbc=50"
NOTE: if multiple subject sources need to be limited, then having "ref groups" ( that are each limited to a smaller number) that are embedded in other ref groups with the total max enforced there.