Skip to Content.
Sympa Menu

grouper-dev - get permission assignments web service

Subject: Grouper Developers Forum

List archive

get permission assignments web service

Chronological Thread 
  • From: Chris Hyzer <>
  • To: "" <>
  • Subject: get permission assignments web service
  • Date: Sun, 18 Apr 2010 14:48:05 -0400
  • Accept-language: en-US
  • Acceptlanguage: en-US

I finished the get permission assignments web service.  This is for Grouper’s permission management capability where it can store central permissions/privileges for applications.









Get permission assignments.  These permissions can be on roles or subjects (note if assignment is assigned directly to a subject, it is in the context of a role).

You can lookup permissions by attribute definition, attribute definition name, role name or uuid, or subject. You can filter by action.  Note you must pass in at least an attribute definition, attribute definition name, role, or subject, and you can mix and match.

All returned permission assignments will be filtered for security based on the logged in or acted as user (security rules are on attribute framework wiki)

The returned data will include the permission assignments, and a normalized list of references (role, attribute definitions, attribute names (if requested with includeAttributeDefNames=T), subjects, etc)

You can lookup assignments by multiple owners, definitions, subjects, actions, etc (non-lite operation only)

If you want to return details on the assignment (e.g. the depth of each hierarchy etc), pass in the param: includePermissionAssignDetail=T

If you want to return the underlying attribute assignment objects, pass in the param: includeAttributeAssignments=T

If there are limits or other metadata on the permission, to read those, pass in includeAttributeAssignments=T and includeAssignmentsOnAssignments=T. Note these attribute assignments on assignments are only on the immediate assignment, not effective.


  • Can base permission assign list based on action, active, etc
  • Lookup owner or other objects by object lookup (by id, name, etc)
  • Returns role / subject information etc, can be detailed or not
  • Can actAs another user

Get permission assignments lite service

  • Accepts one role, or one subject, or attribute definition, or attribute definition name to get permission assignments for.   You can mix and match, but at least one must be passed in (e.g. you can query for a subject's permissions in a role)
  • Documentation: SOAP (click on getPermissionAssignmentsLite), REST (click on getPermissionAssignmentsLite)
  • For REST, the request can put data in query string (in URL or request body)
  • REST request (colon is escaped to %3A):
    • GET /grouper-ws/servicesRest/v1_6_000/permissionAssignments
    • Note: if passing data in request body e.g. actAs, use a POST
  • (see documentation above for details): Request object, response object
  • Response codes
  • Samples (all files with "Lite" in them, click on "download" to see file)

Get permission assignments service

  • Accepts multiple roles or subjects or attribute definitions (or combination) etc to retrieve lists of permission assignments
  • Documentation: SOAP (click on getPermissionAssignments), REST (click on getPermissionAssignments)
  • REST request (colon is escaped to %3A):
    • POST /grouper-ws/servicesRest/v1_6_000/permissionAssignments
  • (see documentation above for details): Request object, response object
  • Response codes overall
  • Returns an overall status
  • Samples (all files without "Lite" in them, click on "download" to see files)

Here is the grouper client information:


getPermissionAssignmentsWs web service usage:


  java -jar grouperClient.jar --operation=getPermissionAssignmentsWs [--includeAttributeAssignments=T|F] [--includeAssignmentsOnAssignments=T|F] [--includeAttributeDefNames=T|F] [--includePermissionAssignDetail=T|F] [--attributeDefNames=a:b,b:c] [--attributeDefUuids=1a,2b] [--attributeDefNameNames=a:b,b:c] [--attributeDefNameUuids=1a,2b] [--roleNames=a:b:c,a:b:d] [--roleUuids=1234,abcd] [--subject0SubjectId=subjId0] [--subject0SubjectIdentifier=subjIdent0] [--subject0SubjectSource=source0] [--enabled=A|T|F] [--actions=read,write] [--includeGroupDetail=true|false] [--includeSubjectDetail=true|false] [--subjectAttributeNames=name0,name1] [--actAsSubjectId=subjId] [--actAsSubjectIdentifier=subjIdent] [--actAsSubjectSource=source] [--saveResultsToFile=fileName] [--outputTemplate=somePattern] [--paramName0=name0] [--paramValue0=value1] [--paramNameX=xthParamName] [--paramValueX=xthParamValue] [--debug=true] [--clientVersion=someVersion]


  e.g.: java -jar grouperClient.jar --operation=getPermissionAssignmentsWs --attributeAssignType=group --attributeDefNames=test:testAttributeAssignDefNameDef


  output line: Index: 0: permissionType: role_subject, role: test:someRole, subject: 123456, attributeDefNameName: test:testPermission, action: assign, enabled: T



  • get permission assignments web service, Chris Hyzer, 04/18/2010

Archive powered by MHonArc 2.6.16.

Top of Page