You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

  • Under "more actions" button on groups and folders, have an "Attestation" option above "View audit log"
  • Users who have Wheel, Admin or Read/Update should see that option
  • This will go to a page for attestation for that group (looks like "copy" screen with breadcrumbs, name, then the attestation screen part)
  • If there is no attestation for that object or parent folders, display "No attestation configured"
  • If there is no attestation for that object, but there is inherited attestation, display which (closest) parent folder has the attestation and describe it
  • If there is attestation on that object, describe it, allow Admins of the group (or wheel members) ability to edit the attestation
  • For Group, for Wheel, Admins, or Read/Update, if there is attestation (direct or inherited), have a button that says "Members of this group have been reviewed"
  • If there is no direct attestation, for Wheel, and admins, have button "Configure attestation for this group" (or folder)
  • Attributes on folders, groups:  (two attributeDefs) (note, autocreate these attributeDefs and attributeNames on startup)
    • grouperAttestation (main flag, other attributes assigned to this assignment, no value, single assign)
      • grouperAttestationSendEmail (String, true | false)  default to true if not set
      • grouperAttestationEmailAddresses (String) comma separated email addresses to send reminders to.  If not set, then get email addresses from list of Admins and Read/Update users.  Note, we need a param (in the source) of which subject attribute is the email attribute.  If none sent, log error, need either emails here or emails from admins
      • grouperAttestationDaysUntilRecertify (String) integer number of days until need to recertify from last certification.  Can have a default in grouper.properties if not set. (180?)  
      • grouperAttestationStemScope (String) one|sub (for folders only, scope one level or all levels).  Default to all levels.
      • grouperAttestationDateCertified (String) yyyy/mm/dd is the last date certified for this group.  (only for groups, not stems) 
  • Edits to the screen should generate attestation specific audits
  • Daemon should run daily and look for groups which have not been attested.  Should group by user.  Send each user who get an email their own email with a list of groups and linked to be attested.  Remind the user about clicking the button saying it is certified.
  • Future scope
    • If attestation is not done in a certain amount of time, disable the memberships or group somehow
    • Have screen that shows all attestation assignments in the registry (which folders and groups have the attestation flag)
    • Have screen that shows all groups that need to be attested with their status.  If there are too many groups, then have a search for them, or maybe select parent folder?
      • Be able to filter this by groups that are overdue for certification
  • No labels