Grouper Users - Open Discussion List

[Tom Barton <>]

Keith Hazelton wrote:
> Question:
>
> What process logic is going on in Grouper that leads to this line from
> the terminal session found in the message below?
>
> 2004-12-31 10:42:23,706  INFO event: Added
> memberID='500f56c9-0db7-4205-ba6d-7ee0a76c3da0' subjectID='heyward' to
> member table
>
> I guess this boils down to the question "How is the member table used?"

Every subject in the grouper_list table is referenced by a guid called 
'memberKey' that is private to the API. The grouper_member table is the 
link between this internal identifier and the subject's public 
subjectID. So, to add 'heyward' to the pase:service:wiscCal:include 
'updaters' list (which is what happens when they're granted UPDATE 
priv), a memberKey is generated and added to the updaters list and an 
entry in grouper_member is added to bind 'heyward' to that memberKey. 
This takes place with the first reference to 'heyward' in a list 
context. Further operations with the 'heyward' subject will rely on the 
existing grouper_member record, and no further "added to member table" 
message should occur. The point of doing so is to enable change of a 
subject's subjectID without having to touch all lists to which that 
subject belongs.

Keep it up Keith! (and here I'm using my free time to atone for months 
of neglect to our house!)

Tom

 ____________________
> Keith Hazelton wrote:
>
> > I just did one test run on a really simple command-line tool to manage 
> > Grouper's ADMIN and UPDATE access privileges.  It seemed to work, so 
> > I'm letting others have at it.
> >
> > If you feel like trying this out, create a new subdirectory in your 
> > Grouper installation /contrib/load directory called "accessmgr."  Add 
> > the following three files to that directory:
> >
> > http://arch.doit.wisc.edu/keith/i2/grouper/accessmgr/README
> > http://arch.doit.wisc.edu/keith/i2/grouper/accessmgr/accessmgr.java
> > http://arch.doit.wisc.edu/keith/i2/grouper/accessmgr/build.xml
> >
> > Then follow the guidance in the README file.
> >
> > I've tried to follow the conventions established in the other 
> > contributed programs.  Accessmgr is VERY closely modeled on 
> > /contrib/load/groupmgr/groupmgr.java.  Saying this protects me against 
> > the charge of plagiarism and shows sincerest flattery to Blair 
> > Christensen.
> >
> > Here's a snippet from the terminal session that convinced me it kinda 
> > works.  I wanted to give subject heyward the UPDATE privilege on group 
> > pase:service:wiscCal:include:
> >
> > > java accessmgr -g -m heyward -p UPDATE -s pase:service:wiscCal -e 
> > > include -v
> >
> >
> >
> > > Enabling verbose mode
> > > Using extension 'include'
> > > Enabling grant mode
> > > Will act upon a group
> > > Will act upon a member `heyward'
> > > Will act upon privilege
> > > Using stem 'pase:service:wiscCal'
> > > Using default subjectID
> > > 2004-12-31 10:42:20,358  INFO event: Initializing Grouper
> > > Using default subjectTypeID (person)
> > > Looking up subjectID 'GrouperSystem'
> > > 2004-12-31 10:42:23,359  INFO event: Started session for 'GrouperSystem'
> > > Started session as GrouperSystem:person
> > > Loaded member GrouperSystem:person
> > > 2004-12-31 10:42:23,706  INFO event: Added 
> > > memberID='500f56c9-0db7-4205-ba6d-7ee0a76c3da0' subjectID='heyward' 
> > > to member table
> > > 2004-12-31 10:42:23,838  INFO event: 'GrouperSystem' granted 'UPDATE' 
> > > to memberID='500f56c9-0db7-4205-ba6d-7ee0a76c3da0' 
> > > subjectID='heyward' on 'pase:service:wiscCal:include'
> > > Granted access privilege `UPDATE' to member `heyward' on group 
> > > `pase:service:wiscCal:include'
> > > 2004-12-31 10:42:23,846  INFO event: Stopped session for 'GrouperSystem'
> >
> >
> >
> > ________________________________________________________
> > Keith Hazelton                  Senior IT Architect, UW-Madison
> > (608) 262-0771                  Division of Info. Technology
> > (608) 877-0977 (home)           1210 W. Dayton St., rm. 2164
> > http://arch.doit.wisc.edu/keith      Madison, WI  53706