This is a feature in v2.6.8+ that allows select attributes to be editable in group edit screen (similar to the legacy Grouper "admin ui")
This was requested by Brown as they upgrade their legacy UI and keep a similar experience for users.
This also allows the attributes to be viewable on the group screen under "details"
When to use this:
- If the use case is at all provisioning related, consider using "provisioning metadata" which is a very similar concept and experience
- If you need to use this for provisioning please contact the Grouper team about the use case
Demo edit
Demo view
Applicable attributes
- Single assign marker attributes (no value) will be a checkbox
- Single assign single valued string attributes will be a textfield
Security
This uses stock group/attributeDef security
If the user
can attributeRead on group
can read on attribute definition
then they will see the settings in the group view "details" section
If the user
can attributeRead and attributeUpdate on group (and they need admin on group to edit the group)
can read and update on attributeDef
then they can edit the attributes in the group edit screen
Configure
grouper.properties
######################################
## Group types edit view
## Identify marker attributes or single valued string attributes to be viewed or edited on group screen
## "theConfigId" is the config ID of the attribute
######################################
# attribute name that should be able to be seen on screen, e.g. a:b:c
# {valueType: "string"}
# groupScreen.attribute.theConfigId.attributeName =
# label on the left side of screen for attribute
# {valueType: "string"}
# groupScreen.attribute.theConfigId.label =
# description on the right side of screen for attribute
# {valueType: "string"}
# groupScreen.attribute.theConfigId.description =
# numeric index of the order of the attribute on the screen
# {valueType: "integer"}
# groupScreen.attribute.theConfigId.index =
Demo (from screenshot above)
Make an attribute definition for the marker
Make a name for that
Make an attribute with a value
Make a name for the value def
Configure those up in grouper.properties
# attribute name that should be able to be seen on screen, e.g. a:b:c
# {valueType: "string"}
groupScreen.attribute.azureMarker.attributeName = etc:attribute:myMfaAzure
# label on the left side of screen for attribute
# {valueType: "string"}
groupScreen.attribute.azureMarker.label = Azure require MFA:
# description on the right side of screen for attribute
# {valueType: "string"}
groupScreen.attribute.azureMarker.description = Check this box to require users in the group to have MFA required in Azure. This rollout is based on org. Users should have time to migrate and ensure their clients support MFA and do not get locked out.
# numeric index of the order of the attribute on the screen
# {valueType: "integer"}
groupScreen.attribute.azureMarker.index = 1
# attribute name that should be able to be seen on screen, e.g. a:b:c
# {valueType: "string"}
groupScreen.attribute.azureDate.attributeName = etc:attribute:myMfaAzureAttributeDate
# label on the left side of screen for attribute
# {valueType: "string"}
groupScreen.attribute.azureDate.label = Azure MFA date:
# description on the right side of screen for attribute
# {valueType: "string"}
groupScreen.attribute.azureDate.description = yyyy/mm/dd date of when users in this group will be required to use MFA in Azure. The date format is required.
# numeric index of the order of the attribute on the screen
# {valueType: "integer"}
groupScreen.attribute.azureDate.index = 2
Now anyone with proper privileges can view the attributes on the group details screen or edit them in the group edit screen