The Person Attributes Group Store ("PAGS")
The PAGS makes user defines group memberships by logical expressions on attributes retrieved by PersonDirectory appear to be group memberships. (PersonDirectory initializes IPersons with attributes retrieved from one or more sources of directory information, including, for example LDAP. For more information, see the PersonDirectory documentaton.)
Capabilities of PAGS
PAGS computes entity memberships by testing the value of selected IPerson attributes. Like PersonDirectory, the PAGS retrieves information one user at a time. As a result, it can answer inquiries about what groups a particular IPerson or group member belongs to, but it cannot answer inquiries about what entity members are contained by a given group.
Can do:
| Code Block |
|---|
contains() find() findContainingGroups() |
Can't do:
| Code Block |
|---|
findEntitiesForGroup() |
Although PAGS groups cannot answer their entity members, they are aware of their member groups. So they can also do:
Can do
| Code Block |
|---|
findMemberGroupKeys() findMemberGroups() |
This will usually suffice for authorization, so the PAGS can be thought of as an authorization-oriented group store. Since PersonDirectory supplies information about IPersons and not about ChannelDefinitions or other portal entities, a further limitation is that the PAGS can only contain memberships associating IPerson group members with IPerson groups. _
Configuring the Store.
The contents of the store is declared in a configuration document, properties/groups/PAGSGroupStoreConfig.xml. The dtd is as follows:
...
8. Copy properties/groups/PAGSGroupStoreConfig.xml.
9. Copy webpages/dtd/PAGSGroupStore.dtd.
10. Modify compositeGroupServices.xml, adding the PAGS group store implementation configuration.last revised: 10/22/2004, d.e.