Grouper Training
Developers and Architects
How to Design Groups
Shilen Patel, Duke University
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
Contents
• Group and folder structure
• Privileges
• Composite groups
• Integrating with applications
Group and folder structure
[Diagram labels: Folders in hierarchies; Group; Direct members; Subgroup; Indirect members; Composite groups]
Group and folder structure (continued)
• Example structure
  • You are delegated a folder such as: school:engineering
  • Admins group: school:engineering:etc:admins
  • Applications folder: school:engineering:apps
  • "app1" folder: school:engineering:apps:app1
Privileges
• Create groups
• Create subfolders
• Admin
• Update membership
• Read membership
• View group
• Opt-in
• Opt-out
Delegation
Privileges (continued)
• Should the group be public?
  • You can assign privileges to "EveryEntity"
• How are group and folder privileges maintained?
  • Give privileges to a group and update that group's memberships.
  • Use Grouper Rules to apply privileges automatically on new groups and folders.
Composite Groups
• addIncludeExclude group type
  • Automatically creates groups to allow for a system of record group, an include group, and an exclude group.
  • System of record group may be populated automatically by the institution.
  • Your applications may manage the include and exclude groups.
Composite Groups (continued)
• requireInGroups group type
  • Automatically creates groups to set up group math so that memberships in other groups are required.
  • Other groups may be populated automatically by the institution (e.g. allStaff).
  • Example: finalGroup = ad-hoc group ∩ allStaff
  • Alternatively, consider using Grouper Rules to automatically delete memberships when other memberships are deleted.
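The group math from the two composite-group slides, modelled as an added Python example (not Grouper code and not part of the original deck); it also resolves indirect members through subgroups. The `users` group name, the `_systemOfRecord`/`_includes`/`_excludes` suffixes, the `group:` prefix and all sample members are assumptions made for illustration.

```python
# Constructed sample data: direct members per group. A member is either a
# subject id (plain string) or a subgroup (hypothetical "group:" prefix).
APP = "school:engineering:apps:app1:users"      # hypothetical group name
ALL_STAFF = "school:engineering:allStaff"       # hypothetical group name
DIRECT = {
    ALL_STAFF: {"alice", "bob", "carol", "dave"},
    "school:engineering:staff:lab": {"dave"},
    APP + "_systemOfRecord": {"alice", "bob"},  # fed by the institution
    APP + "_includes": {"carol", "erin", "group:school:engineering:staff:lab"},
    APP + "_excludes": {"bob"},                 # managed by the application
}


def effective_members(group, direct=DIRECT, _seen=None):
    """Direct members plus indirect members reached through subgroups."""
    seen = _seen if _seen is not None else set()
    if group in seen:                 # guard against A -> B -> A nesting loops
        return set()
    seen.add(group)
    members = set()
    for m in direct.get(group, ()):
        if m.startswith("group:"):
            members |= effective_members(m[len("group:"):], direct, seen)
        else:
            members.add(m)
    return members


def overall_members(base, require=(), direct=DIRECT):
    """(system of record UNION includes) MINUS excludes, then INTERSECT
    every required group, as in finalGroup = ad-hoc group AND allStaff."""
    result = (effective_members(base + "_systemOfRecord", direct)
              | effective_members(base + "_includes", direct))
    result -= effective_members(base + "_excludes", direct)   # exclude wins
    for req in require:
        result &= effective_members(req, direct)
    return result


if __name__ == "__main__":
    print("include/exclude only:", sorted(overall_members(APP)))
    print("requiring allStaff:  ", sorted(overall_members(APP, [ALL_STAFF])))
```

Without the required group, the ad-hoc include "erin" keeps access even though she is not in allStaff; with it, her membership falls away as soon as the institutional group no longer lists her.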
Integration with applications
• Grouper Web services
  • REST-like and SOAP
  • Language independent
  • Covers most Grouper operations but not all
  • Lightweight deployment
Integration with applications (continued)
• Grouper API
  • Java only
  • Covers all operations
  • Has full read/write access to Grouper data
  • Heavyweight deployment
Integration with applications (continued)
• Database views
  • Read-only SQL interface
  • Permissions would be handled by the database.
• LDAP (if applicable for your institution)
  • Read-only
  • Often performs better than other options.
  • Easier to make highly available.
Quiz Click on the quiz link in the video description to reinforce your knowledge of this topic.
Thanks!
• Further information:
  • Infosheets, mailing lists, wiki, downloads, etc.: www.internet2.edu/grouper
  • Grouper demo server: grouperdemo.internet2.edu/
  • Grouper Online Training Home: spaces.internet2.edu/x/IIGfAQ