Use cases for rules, with implementation examples. Note that for Grouper release 2.0 the features of the rules engine are driven from the use cases below. If you want to do something else with rules contact the Grouper dev team.
Email notifications on disabled dates
If an entity is going to be disabled from an employee group, send an email to the subject and an admin
Email notifications
If an entity is no longer a member of the employee group, send an email to the employee and an admin
Email notifications permissions
If an entity loses permissions from an attributeDef, send an email to the employee and an admin
Email notifications permissions disabled dates
If an entity is going to be disabled from permissions, send an email to the employee and an admin
Composite-ng intersection permissions
If an entity is no longer a member of the employee group, remove them from the group for application X
Composite-ng intersection
If an entity is no longer a member of the employee group, remove them from the group for application X
Disabled-date activation
If a student is no longer a member of the course X group, then change the membership in the course wiki group to have an end date in one week (note, this assumes that if the student is out of the course group, they fall out of the wiki group, another variation is to set an end date on an existing membership)
Disabled-date permissions activation
If a student is no longer a member of the course X group, then end date the permissions in the course wiki group with end date in one week
Composite-org
If an entity falls out of any group in the IT organization groups (meaning not a central IT employee anymore), then remove them from group X
Composite-org permissions
If an entity falls out of any group in the IT organization groups (meaning not a central IT employee anymore), then remove permissions from an attributeDef
Inherited permissions
If a group, stem, or attribute definition is created under folder a:b, then apply privileges to the group of READ,UPDATE to group a:security:admins (note, for stems or attribute definitions the privileges will be different accordingly)
Veto if not eligible
If a user is not an employee, do not allow to be added to application group
Veto permission if not eligible
If a user is not an employee, do not allow to have permissions assigned