We need some way of logging changes in groups and their memberships. It is important for integration of our Sun Idm instalation with Grouper. Grouper 1.4 doesn't offer this feature (hooks may do the job) so we develop set of triggers and views which provides this functionality. We are using Oracle and Postgres, but final solution is based on Postgres (best open-source database). There is no fancy logic so it should be possible convert these triggers and use the in other RDBMS (Oracle, MSSQL, ...).
Info about changes in groups and memberships are stored in table grouper_changes which has following columns:
- operation - specify what kind of operation was made: insert, delete
- item_type - specify type of entity: group or membership
- item_id - id of entity: group_id or member_id
- item_name - name of group or member
- parent_item_id - id of parent group or stem
- parent_item_name - name of parent group or stem
- timestamp
SQL scripts
- grouper_changes.sql - sql script for table grouper_changes
- record_attribute_changes.sql - function which monitors changes in table grouper_attributes and logs info about changes in groups
- record_membership_changes.sql - function which monitors changes in table grouper_memberships and logs info about changes in memberships
- triggers.sql - sql script for triggers
For Grouper IDM resource adapter we have two views:
- grouper_idm_groups.sql - list of groups
- grouper_idm_memberships.sql - list of members