The Grouper change log consists of three tables. The change log temp table is where every Grouper process writes events. The change log temp to change log processes these events, gives them a sequential numeric id, calculates point in time calculations, and moves the data to the change log table. Change log consumers read from the change log table and keep a pointer to their progress in the change log consumer table.
select LAST_SEQUENCE_PROCESSED from GROUPER_CHANGE_LOG_CONSUMER WHERE NAME = 'grouperRules'; |
This topic is discussed in the Advanced Topics training video. |
Grouper can integrate with or provision data to external systems in real-time. This is done using Grouper Notifications, which are based on the Grouper Change Log. Approaches include:
As of Grouper 2.0, the following change log events are supported. Note that Grouper 2.1 no longer has notifications on flattened permissions due to performance concerns. Instead, whenever anything related to a permission changes (including memberships and all the hierarchies that could be involved in forming a permission), change log events are added for all the roles involved. The action name for the change log entry is permissionChangeOnRole.
This diagram shows the Change Log and Notifications in the Grouper Architecture.
Here are some change log events, you should look in source for your version of Grouper to get the full list. See ChangeLogTypeBuiltin.java or the GROUPER_CHANGE_LOG_TYPE table.
Change Log Category | Action Name |
---|---|
attributeAssign | addAttributeAssign |
attributeAssign | deleteAttributeAssign |
attributeAssignAction | addAttributeAssignAction |
attributeAssignAction | deleteAttributeAssignAction |
attributeAssignAction | updateAttributeAssignAction |
attributeAssignActionSet | addAttributeAssignActionSet |
attributeAssignActionSet | deleteAttributeAssignActionSet |
attributeAssignValue | addAttributeAssignValue |
attributeAssignValue | deleteAttributeAssignValue |
attributeDef | addAttributeDef |
attributeDef | deleteAttributeDef |
attributeDef | updateAttributeDef |
attributeDefName | addAttributeDefName |
attributeDefName | deleteAttributeDefName |
attributeDefName | updateAttributeDefName |
attributeDefNameSet | addAttributeDefNameSet |
attributeDefNameSet | deleteAttributeDefNameSet |
group | addGroup |
group | deleteGroup |
group | updateGroup |
groupField | addGroupField |
groupField | deleteGroupField |
groupField | updateGroupField |
groupType | addGroupType |
groupType | deleteGroupType |
groupType | updateGroupType |
groupTypeAssignment | assignGroupType |
groupTypeAssignment | unassignGroupType |
member | addMember |
member | changeSubject |
member | deleteMember |
member | updateMember |
membership | addMembership |
membership | deleteMembership |
membership | updateMembership |
permission | permissionChangeOnRole (Grouper 2.1+) |
privilege | addPrivilege |
privilege | deletePrivilege |
privilege | updatePrivilege |
roleSet | addRoleSet |
roleSet | deleteRoleSet |
stem | addStem |
stem | deleteStem |
stem | updateStem |
Note: you should implement an EsbEventListener (layer on top), not a change log consumer
There is a friendly SQL view: grouper_change_log_entry_v which will be more friendly to query if you are debugging something than the grouper_change_log_entry table
See also