Subject: Grouper Developers Forum
- From: Chris Hyzer <>
- To: "" <>
- Subject: get permission assignments web service
- Date: Sun, 18 Apr 2010 14:48:05 -0400
- Accept-language: en-US
- Acceptlanguage: en-US
I finished the get permission assignments web service. This is for Grouper’s permission management capability where it can store central permissions/privileges for applications.
Get permission assignments. These permissions can be on roles or subjects (note if assignment is assigned directly to a subject, it is in the context of a role).
You can lookup permissions by attribute definition, attribute definition name, role name or uuid, or subject. You can filter by action. Note you must pass in at least an attribute definition, attribute definition name, role, or subject, and you can mix and match.
All returned permission assignments will be filtered for security based on the logged in or acted as user (security rules are on attribute framework wiki)
The returned data will include the permission assignments, and a normalized list of references (role, attribute definitions, attribute names (if requested with includeAttributeDefNames=T), subjects, etc)
You can lookup assignments by multiple owners, definitions, subjects, actions, etc (non-lite operation only)
If you want to return details on the assignment (e.g. the depth of each hierarchy etc), pass in the param: includePermissionAssignDetail=T
If you want to return the underlying attribute assignment objects, pass in the param: includeAttributeAssignments=T
If there are limits or other metadata on the permission, to read those, pass in includeAttributeAssignments=T and includeAssignmentsOnAssignments=T. Note these attribute assignments on assignments are only on the immediate assignment, not effective.
Get permission assignments lite service
Here is the grouper client information:
getPermissionAssignmentsWs web service usage:
java -jar grouperClient.jar --operation=getPermissionAssignmentsWs [--includeAttributeAssignments=T|F] [--includeAssignmentsOnAssignments=T|F] [--includeAttributeDefNames=T|F] [--includePermissionAssignDetail=T|F] [--attributeDefNames=a:b,b:c] [--attributeDefUuids=1a,2b] [--attributeDefNameNames=a:b,b:c] [--attributeDefNameUuids=1a,2b] [--roleNames=a:b:c,a:b:d] [--roleUuids=1234,abcd] [--subject0SubjectId=subjId0] [--subject0SubjectIdentifier=subjIdent0] [--subject0SubjectSource=source0] [--enabled=A|T|F] [--actions=read,write] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]
e.g.: java -jar grouperClient.jar --operation=getPermissionAssignmentsWs --attributeAssignType=group --attributeDefNames=test:testAttributeAssignDefNameDef
output line: Index: 0: permissionType: role_subject, role: test:someRole, subject: 123456, attributeDefNameName: test:testPermission, action: assign, enabled: T
- get permission assignments web service, Chris Hyzer, 04/18/2010
Archive powered by MHonArc 2.6.16.