...

Use the inherited privileges screen to control this. The rule is assigned on the folder where the groups are created (or on an ancestor folder).

...

Configure rule for v5+

Configure rule for v4 and previous

Penn example

Penn has Atlassian groups in Grouper. Any group created in Grouper in the jira/confluence folder will be available in jira/confluence. However, the proper privileges need to be assigned to the groups: the Atlassian admins need admin, updaters need update, and readers need read. These assignments are done by 3 people, and the process is error-prone (the wrong privilege can be assigned), sometimes forgotten, and time-consuming.

...

Code Block
gsh 18% revokePriv("stem2:sub:c", "test.subject.0", Privilege.getInstance("update"))
false
gsh 19% status = GrouperLoader.runOnceByJobName(grouperSession, GrouperLoaderType.GROUPER_RULES);
loader ran successfully: Ran rules daemon, changed 0 records
gsh 20% hasPriv("stem2:sub:c", "test.subject.0", Privilege.getInstance("update"))
true


Apply rule to certain groups

If you want the rule to apply only to groups with certain names, an admin can add this condition to the rule:

Code Block
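// Condition type: the rule fires only when the group name matches a SQL LIKE string
attributeValueDelegate.assignValue(
    RuleUtils.ruleIfConditionEnumName(), RuleIfConditionEnum.nameMatchesSqlLikeString.name());
// Condition argument: the LIKE pattern to match against the group name
attributeValueDelegate.assignValue(
    RuleUtils.ruleIfConditionEnumArg0Name(), "a:b:%someGroup");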
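
Before assigning a name condition like the one above, it helps to list which existing group names the pattern would bring into scope for the inherited privilege. The following Python check is an added example, not part of the original page or of Grouper's own code. It assumes standard SQL LIKE semantics (`%` matches any run of characters, `_` matches exactly one), case-sensitive comparison and no ESCAPE clause; the function names and sample group names are constructed for illustration.

```python
import re

def like_to_regex(pattern):
    """Translate a SQL LIKE pattern into a regex (assumed semantics, see lead-in)."""
    parts = []
    for ch in pattern:
        if ch == "%":
            parts.append(".*")      # any run of characters, including ':' separators
        elif ch == "_":
            parts.append(".")       # exactly one character of any kind
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)

def groups_in_scope(pattern, group_names):
    """Return the group names the LIKE pattern matches in full."""
    rx = like_to_regex(pattern)
    return [name for name in group_names if rx.fullmatch(name)]

def unexpected_matches(pattern, group_names, intended):
    """Return matched names that the admin did not intend to cover."""
    return [n for n in groups_in_scope(pattern, group_names) if n not in intended]

# Constructed sample group names, not taken from any real registry.
SAMPLE_GROUPS = [
    "a:b:someGroup",
    "a:b:c:someGroup",
    "a:b:c:d:notsomeGroup",   # '%' also absorbs "c:d:not"
    "a:b:someGroupAdmins",    # no trailing '%', so a suffix does not match
    "a:bb:someGroup",         # prefix "a:b:" must match literally
]

if __name__ == "__main__":
    pattern = "a:b:%someGroup"
    intended = {"a:b:someGroup", "a:b:c:someGroup"}
    print("in scope:  ", groups_in_scope(pattern, SAMPLE_GROUPS))
    print("unexpected:", unexpected_matches(pattern, SAMPLE_GROUPS, intended))
    # An underscore in the pattern is itself a wildcard:
    print(groups_in_scope("a:b:%some_group",
                          ["a:b:x:some_group", "a:b:x:someXgroup"]))
```

Because `%` spans folder separators and partial extension names, a pattern such as `a:b:%someGroup` also covers `a:b:c:d:notsomeGroup`; reviewing the unexpected list before assigning the rule keeps the privilege grant limited to the groups that were meant.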