Overview

Grouper has a hierarchical namespace of folders in which to organize Groups, Roles, and Permissions. In large deployments of Grouper, the namespace can make the UI overwhelming, and users struggle to find the objects they want to manage.

...

  • Application owners can tag the main folder of their application as a "Service" so that users can easily find the service in the Grouper registry.
  • An admin of a service can go to the UI and see which services they are an admin of, and filter the UI by that service.
  • A "My Services" view in the Grouper 2.2 UI that shows users which services they can access, or perhaps can't access, and that gives users who are also a service admin for one or more services an indication that they have that role, and maybe even a way to exercise it.
  • A user wants to know whether they are permitted to access a given service, and if not, a step they might take towards (re)establishing their access to it.
  • Service Desk staff able to do the same on behalf of a user.
  • Report on all services whose access is managed by a given Grouper instance, even if those services aren't all provided by the same IT shop.
  • Service names are assigned by multiple people given that permission, and so they must not collide.
  • Services could filter the subjects able to be resolved?
  • A user of a service can go to the UI and see which services they are a user of, and filter the UI by that service.

Info

This "My services" feature is not designed for users who simply want to see what they have access to. One way to see that is to use the link under the search bar (in the upper right corner) that has your name in it. Users are also encouraged to take advantage of the "Favorites" feature.

Service design

The design for services is based on the attribute framework. An attribute definition type called "service" is reserved for this. It was originally called "domain" but was never used; it has been refactored to "service" in Grouper 2.2+ and is migrated automatically on upgrade. A service attribute is assignable to folders. Any user who can create objects in a folder can create a service attribute and attribute name and assign it to their objects.

...