...
Element Name | uhReleasedGrouping | ||||||||
Description | This has all the released groupings that a person belongs to. Each such grouping represents an application or function for which all of the grouping's members have been authorized.
UH Groupings can be used as a central authorization management resource, and this attribute makes it even easier. You typically create a grouping to contain people authorized to do something in your application, then release that grouping by choosing uhReleasedGrouping as a sync destination. Your application can then check whether the grouping is in this attribute when it is returned by CAS/LDAP. This makes authorization implementation extremely simple. There is no need to write or maintain your own authorization code or to host your own authorization data.
| ||||||||
UH Data Classification | Restricted per Executive Policy 2.214 | ||||||||
LDAP Attribute Info |
| ||||||||
Required Format for Storage | string(256), format: {a..z}{A..Z}{0..9}{:-._+=*} | ||||||||
Example Stored Data(2) | There are three types of data that can go into uhReleasedGrouping:
Note that there is no namespace collision between the three types of values. Obfuscated groupings always begin with obf: and curated groupings will always begin with hawaii.edu:store. Regular groupings are guaranteed to never have a colon, so there is no collision. | ||||||||
Systems of Record | N/A because the data comes from UH Groupings. A grouping could be entirely ad hoc, meaning there was no system of record involved, or a grouping's basis could be built using the UH Group Store, which has groups from all systems of record. | ||||||||
Notes |
|
...