Download presentation
Presentation is loading. Please wait.
Published byArnold Hart Modified over 8 years ago
1
Grouper Training Developers and Architects How to Design Groups Shilen Patel Duke University This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
2
Group and folder structure Privileges Composite groups Integrating with applications 2 Contents
3
Group and folder structure 3 Folders in hierarchies Group Direct members Subgroup Indirect members Composite groups = U
4
Example structure You are delegated a folder such as: school:engineering Admins group: school:engineering:etc:admins Applications folder: school:engineering:apps “app1” folder: school:engineering:apps:app1 4 Group and folder structure (continued)
5
Privileges 5 Create groups Create subfolders Admin Update membership Read membership View group Opt-in Opt-out Delegation
6
Should the group be public? You can assign privileges to “EveryEntity” How are group and folder privileges maintained? Give privileges to a group and update that group’s memberships. Use Grouper Rules to apply privileges automatically on new groups and folders. 6 Privileges (continued)
7
addIncludeExclude groupType Automatically creates groups to allow for a system of record group, an include group, and an exclude group. System of record group may be populated automatically by the institution. Your applications may manage the include and exclude groups. 7 Composite Groups
8
requireInGroups groupType Automatically creates groups to set up group math so that memberships in other groups are required. Other groups may be populated automatically by the institution (e.g. allStaff) Example: finalGroup = ad-hoc group ∩ allStaff May instead consider using Grouper Rules to automatically delete memberships when other memberships are deleted. 8 Composite Groups (continued)
9
Grouper Web services REST-like and SOAP Language independent Covers most Grouper operations but not all Lightweight deployment 9 Integration with applications
10
Grouper API Java only Covers all operations Has full read/write access to Grouper data Heavyweight deployment 10 Integration with applications (continued)
11
Database views Read-only SQL interface Permissions would be handled by the database. LDAP (if applicable for your institution) Read-only Often performs better than other options. Easier to make highly available. 11 Integration with applications (continued)
12
Click on the quiz link in the video description to reinforce your knowledge of this topic. 12 Quiz
13
Thanks! Further information: Infosheets, mailing lists, wiki, downloads, etc.: www.internet2.edu/grouper www.internet2.edu/grouper Grouper demo server: grouperdemo.internet2.edu/ grouperdemo.internet2.edu/ Grouper Online Training Home: spaces.internet2.edu/x/IIGfAQ This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. 13
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.