This is a strategy to have memberships available only while they are attested. Note this is a workaround since Grouper does not support this natively. At some point we will support this natively.
The main group for memberships is B.
Setup attestation
This group needs attestation
Query which only selects the group if it is attested
SELECT gg.name AS subject_identifier, 'g:gsa' AS subject_source_id FROM grouper_groups gg, grouper_aval_asn_asn_group_v gaaagv WHERE gg.name = 'test:attestation:autoAttestation:autoAttestationMembers' AND gg.id = gaaagv.group_id AND gaaagv.attribute_def_name_name1 = 'etc:attribute:attestation:attestation' AND gaaagv.attribute_def_name_name2 = 'etc:attribute:attestation:attestationCalculatedDaysLeft' AND gaaagv.value_string != '0'
Setup the loader in the overall group. Note, this will run every hour. If a group is shut-off, then it is attested, you will need to wait until the top of the hour, or someone will need to run the loader again. If someone wants to use this, and wants this to be more timely, let the Grouper team know and we can make this real-time.
See that the overall group has no members
Attest the group and run the loader, and see that there are members