#
# Grouper Configuration
# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
#

# Grouper uses Grouper Configuration Overlays (documented on wiki)
# By default the configuration is read from grouper.base.properties
# (which should not be edited), and the grouper.properties overlays
# the base settings.  See the grouper.base.properties for the possible
# settings that can be applied to the grouper.properties

#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)
configuration.autocreate.system.groups = true

# A wheel group allows you to enable non-GrouperSystem subjects to act
# like a root user when interacting with the registry.
groups.wheel.use                      = true

# Set to the name of the group you want to treat as the wheel group.
# The members of this group will be treated as root-like users.
groups.wheel.group                    = etc:sysadmingroup

# Used to allow Include Exclude groups
grouperIncludeExclude.use = true
grouperIncludeExclude.requireGroups.use = true

##################################
## Lockout groups.  Could be used for other things, but used for policy group templates at least
## if there is no allowed group, then anyone could use it
##################################

# allowed to use this lockout group.  If not configured, anyone could use
# {valueType: "group", regex: "^grouper\\.lockoutGroup\\.allowedToUse\\.\\d+$"}
# grouper.lockoutGroup.allowedToUse.0 = ref:lockoutCanUse

##################################
## Require groups.  Could be used for other things, but used for policy group templates at least
## if there is no allowed group, then anyone could use it
##################################

# group name of a require group
# {valueType: "group", regex: "^grouper\\.requireGroup\\.name\\.\\d+$"}
#grouper.requireGroup.name.0 = ref:iam:active

# allowed to use this require group.  If not configured, anyone could use
# {valueType: "group", regex: "^grouper\\.lockoutGroup\\.requireGroup\\.\\d+$"}
# grouper.requireGroup.allowedToUse.0 = ref:activeCanUse

# grouper reporting file system path where reports will be stored, e.g. /opt/grouper/reports
# {valueType: "string", required: false}
reporting.file.system.path = /tmp