In a patch in 2.4 we will add provisioning in the UI. This can be for multiple provisioners including PSPNG and other things like Box provisioning.
This will be attribute based:
Attribute definitions
Definition | Assigned To | Purpose | Value | Cardinality |
---|---|---|---|---|
provisioningDef | folder, group | identify a group type | marker | Multi assign |
provisioningValueDef | folder assignment, group assignment | name/value pairs | string | Single assign, single valued |
Attribute names
Name | Definition | Value |
---|---|---|
provisioningMarker | provisioningDef | <none> |
provisioningTarget | provisioningValueDef | Related to a config in grouper-loader.properties which links this provisioner to extend the class GrouperProvisionerBase |
provisioningDirectAssign | provisioningValueDef | if this is directly assigned or inherited |
provisioningOwnerStemId | provisioningValueDef | if this is not a direct assignment, then this is the stem id where it is inherited from |
provisioningStemScope | provisioningValueDef | Whether folder provisioning applies to only this folder (one) or to this folder and subfolders (sub) |
provisioningDoProvision | provisioningValueDef | Whether to provision (defaults to true) |
provisioningLastFullMillisSince1970 | provisioningValueDef | Millis since 1970 that this was last fully provisioned |
provisioningLastIncrementalMillisSince1970 | provisioningValueDef | Millis since 1970 that this was last incrementally provisioned, even if the incremental run did not change the target |
provisioningLastFullSummary | provisioningValueDef | Summary of last full run |
provisioningLastIncrementalSummary | provisioningValueDef | Summary of last incremental run |
Target specific properties
For each target, the following properties can be configured. They need to be set in grouper.properties.

```
# name and key you want to give to your target. key is used to configure the label for the UI
provisioning.target.pspngLdap1.key = pspngLdap1Key

# members of the configured group are allowed to assign this target
provisioning.target.pspngLdap1.groupAllowedToAssign =

# if this target should only be assigned to one stem
provisioning.target.pspngLdap1.allowAssignmentsOnlyOnOneStem = false

# if this target is read only and cannot be assigned from provisioning UI
provisioning.target.pspngLdap1.readOnly = false
```

To assign a label to the key configured above, add a corresponding entry to grouper.text.en.us.base.properties or grouper.text.en.us.properties for English. For other languages, add an entry to the corresponding externalized language file.
```
provisioningUiLabelForKey_pspngLdap1Key = OpenLDAP production
```
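The following is an added example, not Grouper code: a Python check that groups the `provisioning.target.*` properties by target, verifies each key has a UI label, validates the boolean settings, and reports which targets delegate assignment to a group. The function names, the `box1` target, its group name, and the simplified `key = value` parsing are assumptions made for illustration.

```python
import re

# Constructed sample inputs; box1 and its group name are made up for illustration.
GROUPER_PROPERTIES = """\
provisioning.target.pspngLdap1.key = pspngLdap1Key
provisioning.target.pspngLdap1.groupAllowedToAssign =
provisioning.target.pspngLdap1.allowAssignmentsOnlyOnOneStem = false
provisioning.target.pspngLdap1.readOnly = false
provisioning.target.box1.key = box1Key
provisioning.target.box1.groupAllowedToAssign = etc:provisioning:boxAssigners
provisioning.target.box1.readOnly = maybe
"""
TEXT_PROPERTIES = "provisioningUiLabelForKey_pspngLdap1Key = OpenLDAP production\n"
# Assumption: only the literal values true/false (as shown on the page) are accepted.
BOOLEAN_PROPS = ("allowAssignmentsOnlyOnOneStem", "readOnly")

def parse_properties(text):
    """Parse simple key = value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_targets(grouper_text, ui_text):
    """Return {target_name: [findings]} for every provisioning.target.* entry."""
    labels = parse_properties(ui_text)
    targets = {}
    for key, value in parse_properties(grouper_text).items():
        m = re.fullmatch(r"provisioning\.target\.([^.]+)\.(\w+)", key)
        if m:
            targets.setdefault(m.group(1), {})[m.group(2)] = value
    report = {}
    for name, cfg in sorted(targets.items()):
        findings = []
        ui_key = cfg.get("key", "")
        if not ui_key:
            findings.append("missing key")
        elif "provisioningUiLabelForKey_" + ui_key not in labels:
            findings.append("no UI label for key " + ui_key)
        for prop in BOOLEAN_PROPS:
            if prop in cfg and cfg[prop] not in ("true", "false"):
                findings.append(prop + " is not true/false: " + cfg[prop])
        if cfg.get("groupAllowedToAssign"):
            findings.append("assignment delegated to group " + cfg["groupAllowedToAssign"])
        report[name] = findings
    return report
```

Calling `audit_targets(GROUPER_PROPERTIES, TEXT_PROPERTIES)` returns an empty finding list for `pspngLdap1` and three findings for the constructed `box1` target.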
UI actions
- Edit LDAP configs (grouper loader properties)
- Enable a provisioning target type (grouper loader properties)
- Enable a provisioning target
- Disable/Enable a provisioning target for folder or group
- See grouper loader logs for change log consumers
- Manage change log bookmark for change log listeners
- Trigger a full sync (send message), look at provisioningLastFullMillisSince1970 until complete
Permissions
- With ADMIN on a folder, can you see the configs?
- With READ on a group, can you see the configs?
- By default you have to be grouper admin to do provisioning
- Provisioning target type Java implementation could allow group/folder ADMINs to be able to edit? Anyone need this? Might be nice for SAML
Issues
- Do not provision internal groups like systemOfRecord
- Decide how that works with DoProvision
Screenshots
Use the "More actions" button to access Provisioning
List of assigned targets for a folder
Assigning a target to a folder