- Under "more actions" button on groups and folders, have an "Attestation" option above "View audit log"
- Users who have Wheel, Admin or Read/Update should see that option
- This will go to a page for attestation for that group (looks like "copy" screen with breadcrumbs, name, then the attestation screen part)
- If there is no attestation for that object or parent folders, display "No attestation configured"
- If there is no attestation for that object, but there is inherited attestation, display which (closest) parent folder has the attestation and describe it
- If there is attestation on that object, describe it, allow Admins of the group (or wheel members) ability to edit the attestation
- For Group, for Wheel, Admins, or Read/Update, if there is attestation (direct or inherited), have a button that says "Members of this group have been reviewed"
- If there is no direct attestation, for Wheel, and admins, have button "Configure attestation for this group" (or folder)
- Attributes on folders, groups: (two attributeDefs)
- grouperAttestation (main flag, other attributes assigned to this assignment, no value, single assign)
- grouperAttestationSendEmail (String, true | false) default to true if not set
- grouperAttestationEmailAddresses (String) comma separated email addresses to send reminders to. If not set, then get email addresses from list of Admins and Read/Update users. Note, we need a param (in the source) of which subject attribute is the email attribute. If none sent, log error, need either emails here or emails from admins
- grouperAttestationDaysUntilRecertify (String) integer number of days until need to recertify. Can have a default in grouper.properties if not set. (180?)
- grouperAttestationStemScope (String) one|sub (for folders only, scope one level or all levels). Default to all levels.
- grouperAttestation (main flag, other attributes assigned to this assignment, no value, single assign)
Overview
Content Tools