This is a strategy for making memberships available only while they are attested. Note that this is a workaround, since Grouper does not support this natively. At some point we will support it natively.




automaticRemoveIfNotAttested




The main group for memberships is B.  





Set up attestation





This group needs attestation




Query that selects the group only if it is attested


SELECT gg.name AS subject_identifier, 'g:gsa' AS subject_source_id 
FROM grouper_groups gg, grouper_aval_asn_asn_group_v gaaagv 
WHERE gg.name = 'test:attestation:autoAttestation:autoAttestationMembers' AND gg.id = gaaagv.group_id 
AND gaaagv.attribute_def_name_name1 = 'etc:attribute:attestation:attestation' 
AND gaaagv.attribute_def_name_name2 = 'etc:attribute:attestation:attestationCalculatedDaysLeft' AND gaaagv.value_string != '0'

Set up the loader in the overall group. Note that this will run every hour. If a group is shut off and is then attested, you will need to wait until the top of the hour, or someone will need to run the loader again. If someone wants to use this and wants it to be more timely, let the Grouper team know and we can make this real-time.



See that the overall group has no members



Attest the group and run the loader, and see that there are members
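
The last two steps can be checked offline. The following is an added example, not part of the original page or of Grouper, that runs the page's query unchanged in an in-memory SQLite database. The two tables are simplified stand-ins with only the columns the query touches, the group id `g1` and the value `180` are constructed, and `loader_result` is a hypothetical helper.

```python
import sqlite3

# The loader query from this page, unchanged.
LOADER_QUERY = """
SELECT gg.name AS subject_identifier, 'g:gsa' AS subject_source_id
FROM grouper_groups gg, grouper_aval_asn_asn_group_v gaaagv
WHERE gg.name = 'test:attestation:autoAttestation:autoAttestationMembers' AND gg.id = gaaagv.group_id
AND gaaagv.attribute_def_name_name1 = 'etc:attribute:attestation:attestation'
AND gaaagv.attribute_def_name_name2 = 'etc:attribute:attestation:attestationCalculatedDaysLeft' AND gaaagv.value_string != '0'
"""

GROUP = "test:attestation:autoAttestation:autoAttestationMembers"
MARKER = "etc:attribute:attestation:attestation"
DAYS_LEFT = "etc:attribute:attestation:attestationCalculatedDaysLeft"


def loader_result(days_left_rows):
    """Run the loader query against a constructed stand-in schema.

    days_left_rows: value_string values stored for the group's
    attestationCalculatedDaysLeft attribute (empty list = attribute absent).
    Returns the rows the loader would add as members of the overall group.
    """
    db = sqlite3.connect(":memory:")
    # Simplified stand-ins: only the columns the query touches (assumption).
    db.execute("CREATE TABLE grouper_groups (id TEXT, name TEXT)")
    db.execute(
        "CREATE TABLE grouper_aval_asn_asn_group_v (group_id TEXT, "
        "attribute_def_name_name1 TEXT, attribute_def_name_name2 TEXT, value_string TEXT)"
    )
    db.execute("INSERT INTO grouper_groups VALUES ('g1', ?)", (GROUP,))
    for value in days_left_rows:
        db.execute(
            "INSERT INTO grouper_aval_asn_asn_group_v VALUES ('g1', ?, ?, ?)",
            (MARKER, DAYS_LEFT, value),
        )
    rows = db.execute(LOADER_QUERY).fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    # Constructed scenarios: attested, needs attestation, attribute absent, NULL value.
    for label, rows in [("attested", ["180"]), ("needs attestation", ["0"]),
                        ("no attribute", []), ("NULL value", [None])]:
        print(f"{label:18} -> {loader_result(rows)}")
```

In this model a missing or NULL attestationCalculatedDaysLeft value also returns no rows, so the overall group ends up empty unless a non-zero value is present.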