From 0359738eb769caffd0e984afae0610472e99f3c5 Mon Sep 17 00:00:00 2001 From: Keith Hazelton Date: Wed, 11 Jan 2023 13:35:42 -0600 Subject: [PATCH] Update ps2grouper.adoc --- ps2grouper.adoc | 40 ++++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/ps2grouper.adoc b/ps2grouper.adoc index 1592916..24db1b9 100644 --- a/ps2grouper.adoc +++ b/ps2grouper.adoc @@ -19,39 +19,47 @@ So when we did the integrations with HR And Finance, those were done as as SOAP Those that are polling or polling every five minutes are an acceptable form of data integration. But a second path that we use is Informatica, an ETL tool. So the main thing that's that's used for is for developers in the group that runs people soft to write queries, and then either push those out the different locations, or create apis in informatica for people to retrieve data without having direct database access. + So the developers in relation to group or do a fair amount of querying of things in those databases, and then pushing information into grouper for a couple of use cases i'll talk a little bit more about. -And then lastly, I I would, I should mention. Is it near real time for those other integrations. In the case of the informatic etls, it's really up to the developer. Most of those are things that run on kind of a daily cycle. But,,, the developer in informatic that has the capability to schedule things as often as they want them to run. It really is up to them. + +Is it near real time for those other integrations? In the case of the Informatica ETLs, it's really up to the developer. Most of those are things that run on kind of a daily cycle. But,,, the developer in informatica has the capability to schedule things as often as they want them to run. It really is up to them. The business logic to publish those into reasonable affiliations happens inside Directory Manager. The Directory manager also does those SOAP queries that I mentioned. So that's the direction we decided to go with for -HR and finance. So it connects to HCM and queries for jobs and associations with the construct that we described here. For the +HR and finance. + +It connects to HCM and queries for jobs and associations with the construct that we described here. For the poorly worded affiliate status which is basically your sponsored researchers -contractors anybody who you can't really say is an employee of the university, but still has quite a formal relationship with the University goes through what we call our affiliate process, and that creates those associations. The Directory manager is is what they call every five minutes or So +contractors anybody who you can't really say is an employee of the university, but still has quite a formal relationship with the University goes through what we call our affiliate process. That creates those associations. + +The Directory manager is is what they call every five minutes or so for any new jobs and associations that are available. And then also, once a week, has so pinpoint that a call and say, Okay, cycle through and give me everybody so that it can do a full synchronization. And then there's just a very simple query over to Peoplesoft finance, really. Only thing that I am cares about from -our finance installation is what are the department names? So it gets nbers department nbers that are associated with jobs or associations or student status. -, but it it's nice to have a friendly name to associate with those department nbers, and so it retrieves those friendly names from our our finance install. +our finance installation is what are the department names? So it gets nbers department nbers that are associated with jobs or associations or student status. But it it's nice to have a friendly name to associate with those department nbers, and so it retrieves those friendly names from our our finance install. + And then Directory manager is responsible for essentially has its own open ldap instance running kind of locally to that application, and then we use the built-in open all that sync where to? To? To to that out to our our large open installation, and then finally, That's where Grouper can run. It's loader jobs and retrieve things from Ldap. So just like we run loader jobs for databases. We've got these that run directly against our open laptop installation, and that gives group or, - first of all, it's subject source, -but also affiliations with student type and departments all come through wearing that open all that instance. So this. These are fairly indirect, as obviously. But as I mentioned, they perform well that this works. -, it's just kind of -old and - very you and C specific -the The second flow that we have I mentioned informatica, +first of all, it's subject source, +but also affiliations with student type and departments all come through wearing that open all that instance. So this. These are fairly indirect, as obviously. But as I mentioned, they perform well that this works. It's just kind of +old and very C specific. + +The second flow that we have I mentioned informatica, and it's doing sql queries into any of the big towers along with some other data sources. Honestly, it's just here we're We're concerned about Peoplesoft and then informatica has the capability to push those in the group or via the group or web services. So a lot of the roles that are people solve security folks create are useful in other applications besides just inside people's, so they they function. As for proxies to other data that people might have access to because of the roles that they have. And and one of the Peoplesoft powers. So, for example, they can go to a data warehouse. + and instead of having a separate role structure for the data warehouse the people self-security folks would rather just replicate those roles that they have, and people solve the Grouper, and then ! It can be queried, or L. That can be queried to retrieve that information about those roles. We also do use this for some special group that our Hcm. People need to keep track of, anyway. So an example that I off the top of my head is who's in a hipaa-related department? So are you in a hip a covered entity? ! Because there's a nber of of things that want to know that, for example, our our zoom installation needs to know if you're if or not, because it turns on and off. You know, certain capabilities inside of zoom and . So -all of those are published. A group or many of them are then published to that to be consed. But this gives group or some knowledge about internal - people, self-security information as well as those kind of edge case groups that we haven't come across a friendly, her way to to get replicated out for consption to be a group, -and I should have said this before. But but Please interrupt with questions as we go along, because I know these paths are are fairly divergent. So it's a really, really quick one about the diagram that you're showing that Are the arrows correct? Are you taking data from and from Fromatica and sending it to people talk? Or is it the other way? +all of those are published. A group or many of them are then published to that to be consed. But this gives group or some knowledge about internal people, self-security information as well as those kind of edge case groups that we haven't come across a friendly, her way to to get replicated out for consption to be a group, + +and I should have said this before. But but Please interrupt with questions as we go along, because I know these paths are are fairly divergent. + +So it's a really, really quick one about the diagram that you're showing that Are the arrows correct? Are you taking data from and from Fromatica and sending it to people talk? Or is it the other way? I I I usually debated which way to point these arrows, but this is our sql query, so informatic that is, reaching out to the Peoplesoft hours, The Nsql query and pulling data back. I see. -the third flow is just direct loader jobs that people saw from that group or a queries people. Software so probably the the courses and course roles are the +The third flow is just direct loader jobs that people saw from that group or a queries people. Software so probably the the courses and course roleare the main use of these queries. We we do publish all of our courses out to group, or you know, each semester, and then break out the different roles inside the courses. So, student student, you know, faculty primary @@ -556,4 +564,4 @@ Audio Transcript meeting going to where those people are are, and show up there, and figure out what kind of conversation have, and what kind of goodies to share. So ! We'll keep - up the good fight \ No newline at end of file + up the good fight