Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Group Privileges

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Group Privileges

Chronological Thread 
  • From: "GW Brown, Information Systems and Computing" <>
  • To: "Stephen A. Langella" <>,
  • Subject: Re: [grouper-users] Group Privileges
  • Date: Wed, 30 Aug 2006 12:01:12 +0100

Hi Steve,

Sorry for the delay in responding - lots of people on vacation!

After creating a group with no privileges, I ask the group for the
privileges on arbitrary user, X. The group returns the user X has the
privileges VIEW and READ, which I expect since the those are the default
privileges for the group. When I try to revoke one of the privileges
for the user I get a
edu.internet2.middleware.grouper.MemberDeleteException, is this behavior
Default privileges specified in are assigned to a 'special' internal subject called GrouperAll. They are indirect privileges - as would be privileges assigned to a group where X is a member. Indirect privileges cannot be revoked individually. The privileges must be revoked from the 'owner' - GrouperAll in this case, or a group to which the privileges were directly assigned.

In examining this further I tried adding the privilege VIEW
to the group for user X. When I list the privileges on the group for
user X, I get three results, VIEW, VIEW, READ. Is it intended that I get
two VIEW privileges back?
It is. Privileges may be derived from multiple 'owners' - the subject (direct assignment), GrouperAll or any number of groups. The API keeps track of where privileges are derived from so they can be managed appropriately.
If I try to remove the VIEW privilege I just
added for User X I get a
edu.internet2.middleware.grouper.MemberDeleteException. Any thoughts?
Would you post your code so I can see which API calls you are making?




Stephen Langella MS

Senior Research Specialist

Ohio State University

Department of Biomedical Informatics

Multiscale Computing Laboratory

Office: (614) 292-9845

GW Brown, Information Systems and Computing

  • Group Privileges, Stephen A. Langella, 08/21/2006
    • Re: [grouper-users] Group Privileges, GW Brown, Information Systems and Computing, 08/30/2006

Archive powered by MHonArc 2.6.16.

Top of Page