This is a strategy to have memberships available only while they are attested.  Note this is a workaround since Grouper does not support this natively.  At some point we will support this natively.


The main group for memberships is B.  

Setup attestation

This group needs attestation

Query which only selects the group if it is attested

SELECT AS subject_identifier, 'g:gsa' AS subject_source_id 
FROM grouper_groups gg, grouper_aval_asn_asn_group_v gaaagv 
WHERE = 'test:attestation:autoAttestation:autoAttestationMembers' AND = gaaagv.group_id 
AND gaaagv.attribute_def_name_name1 = 'etc:attribute:attestation:attestation' 
AND gaaagv.attribute_def_name_name2 = 'etc:attribute:attestation:attestationCalculatedDaysLeft' AND gaaagv.value_string != '0'

Setup the loader in the overall group.  Note, this will run every hour.  If a group is shut-off, then it is attested, you will need to wait until the top of the hour, or someone will need to run the loader again.  If someone wants to use this, and wants this to be more timely, let the Grouper team know and we can make this real-time.

See that the overall group has no members

Attest the group and run the loader, and see that there are members

  • No labels