Versions Compared

Old Version 62

changes.mady.by.user Emily Eisbruch (internet2.edu)

Saved on

compared with

New Version 63

changes.mady.by.user Michael Hyzer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You may want to read about the Penn Secure Space Implementation of handling external subjects

Rule to allow/disallow external users

At Penn we didnt want external users all throughout our registry, we just wanted them in certain folders.  So at the root folder we disallowed external subjects, and in the app, we allowed them:

Code Block

 RuleApi.vetoSubjectAssignInFolderIfNotInGroup(SubjectFinder.findRootSubject(), rootStem, null, false, "grouperExternal", Stem.Scope.SUB, "rule.entity.cannot.be.external", "Person cannot be assigned if an external user");

RuleApi.vetoSubjectAssignInFolderIfNotInGroup(SubjectFinder.findRootSubject(), allowedStem, null, true, "grouperExternal", Stem.Scope.SUB, "rule.entity.can.be.external", "Person can be external");

To do

  • Add multiple search strings and sort fields based on new member columns