...
ABAC allows you to model rows of data for a user, and then make an ABAC script to specify criteria in that row of data. You could instantly make a group for users who have certain affiliations in certain org in their primary job in a full time capacity. Previously you needed to make a loader job to load a group with a SQL query that can join various data elements from a data warehouse.
| Info | ||
|---|---|---|
| ||
Check out this Grouper ABAC blog from November 2025 for info on using ABAC to reduce the burden of loader jobs. |
Use Case
At U Penn over 15 years we now have 700 loader jobs. Only Grouper sysadmins can manage these loader jobs for security reasons. It takes tickets to create the job, update the job, and troubleshoot the data. This valuable staff time is greatly reduced with ABAC. These loader daemons generally do not have real time updates since that is difficult to configure for every job, so hourly full syncs are scheduled which waste resources. There is no way to do grace periods on the source data unless the source database keeps data history (which likely is not the case).
...