Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Contribution: A really simple command-line tool to manage ADMIN and UPDATE access privileges

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Contribution: A really simple command-line tool to manage ADMIN and UPDATE access privileges


Chronological Thread 
  • From: Tom Barton <>
  • To:
  • Subject: Re: [grouper-users] Contribution: A really simple command-line tool to manage ADMIN and UPDATE access privileges
  • Date: Fri, 31 Dec 2004 15:36:33 -0600


Keith Hazelton wrote:
Question:

What process logic is going on in Grouper that leads to this line from
the terminal session found in the message below?

2004-12-31 10:42:23,706 INFO event: Added
memberID='500f56c9-0db7-4205-ba6d-7ee0a76c3da0' subjectID='heyward' to
member table

I guess this boils down to the question "How is the member table used?"

Every subject in the grouper_list table is referenced by a guid called 'memberKey' that is private to the API. The grouper_member table is the link between this internal identifier and the subject's public subjectID. So, to add 'heyward' to the pase:service:wiscCal:include 'updaters' list (which is what happens when they're granted UPDATE priv), a memberKey is generated and added to the updaters list and an entry in grouper_member is added to bind 'heyward' to that memberKey. This takes place with the first reference to 'heyward' in a list context. Further operations with the 'heyward' subject will rely on the existing grouper_member record, and no further "added to member table" message should occur. The point of doing so is to enable change of a subject's subjectID without having to touch all lists to which that subject belongs.

Keep it up Keith! (and here I'm using my free time to atone for months of neglect to our house!)

Tom

____________________
Keith Hazelton wrote:

I just did one test run on a really simple command-line tool to manage Grouper's ADMIN and UPDATE access privileges. It seemed to work, so I'm letting others have at it.

If you feel like trying this out, create a new subdirectory in your Grouper installation /contrib/load directory called "accessmgr." Add the following three files to that directory:

http://arch.doit.wisc.edu/keith/i2/grouper/accessmgr/README
http://arch.doit.wisc.edu/keith/i2/grouper/accessmgr/accessmgr.java
http://arch.doit.wisc.edu/keith/i2/grouper/accessmgr/build.xml

Then follow the guidance in the README file.

I've tried to follow the conventions established in the other contributed programs. Accessmgr is VERY closely modeled on /contrib/load/groupmgr/groupmgr.java. Saying this protects me against the charge of plagiarism and shows sincerest flattery to Blair Christensen.

Here's a snippet from the terminal session that convinced me it kinda works. I wanted to give subject heyward the UPDATE privilege on group pase:service:wiscCal:include:

java accessmgr -g -m heyward -p UPDATE -s pase:service:wiscCal -e include -v



Enabling verbose mode
Using extension 'include'
Enabling grant mode
Will act upon a group
Will act upon a member `heyward'
Will act upon privilege
Using stem 'pase:service:wiscCal'
Using default subjectID
2004-12-31 10:42:20,358 INFO event: Initializing Grouper
Using default subjectTypeID (person)
Looking up subjectID 'GrouperSystem'
2004-12-31 10:42:23,359 INFO event: Started session for 'GrouperSystem'
Started session as GrouperSystem:person
Loaded member GrouperSystem:person
2004-12-31 10:42:23,706 INFO event: Added memberID='500f56c9-0db7-4205-ba6d-7ee0a76c3da0' subjectID='heyward' to member table
2004-12-31 10:42:23,838 INFO event: 'GrouperSystem' granted 'UPDATE' to memberID='500f56c9-0db7-4205-ba6d-7ee0a76c3da0' subjectID='heyward' on 'pase:service:wiscCal:include'
Granted access privilege `UPDATE' to member `heyward' on group `pase:service:wiscCal:include'
2004-12-31 10:42:23,846 INFO event: Stopped session for 'GrouperSystem'



________________________________________________________
Keith Hazelton Senior IT Architect, UW-Madison
(608) 262-0771 Division of Info. Technology
(608) 877-0977 (home) 1210 W. Dayton St., rm. 2164
http://arch.doit.wisc.edu/keith Madison, WI 53706







Archive powered by MHonArc 2.6.16.

Top of Page