...
You may want to read about the Penn Secure Space Implementation of handling external subjects
Rule to allow/disallow external users
At Penn we didnt want external users all throughout our registry, we just wanted them in certain folders. So at the root folder we disallowed external subjects, and in the app, we allowed them:
Code Block |
---|
RuleApi.vetoSubjectAssignInFolderIfNotInGroup(SubjectFinder.findRootSubject(), rootStem, null, false, "grouperExternal", Stem.Scope.SUB, "rule.entity.cannot.be.external", "Person cannot be assigned if an external user");
RuleApi.vetoSubjectAssignInFolderIfNotInGroup(SubjectFinder.findRootSubject(), allowedStem, null, true, "grouperExternal", Stem.Scope.SUB, "rule.entity.can.be.external", "Person can be external");
|
To do
- Add multiple search strings and sort fields based on new member columns