Subject: Grouper Users - Open Discussion List
- From: "GW Brown, Information Systems and Computing" <>
- To: "Stephen A. Langella" <>,
- Subject: Re: [grouper-users] Group Privileges
- Date: Wed, 30 Aug 2006 12:01:12 +0100
Sorry for the delay in responding - lots of people on vacation!
After creating a group with no privileges, I ask the group for theDefault privileges specified in grouper.properties are assigned to a 'special' internal subject called GrouperAll. They are indirect privileges - as would be privileges assigned to a group where X is a member. Indirect privileges cannot be revoked individually. The privileges must be revoked from the 'owner' - GrouperAll in this case, or a group to which the privileges were directly assigned.
privileges on arbitrary user, X. The group returns the user X has the
privileges VIEW and READ, which I expect since the those are the default
privileges for the group. When I try to revoke one of the privileges
for the user I get a
edu.internet2.middleware.grouper.MemberDeleteException, is this behavior
In examining this further I tried adding the privilege VIEWIt is. Privileges may be derived from multiple 'owners' - the subject (direct assignment), GrouperAll or any number of groups. The API keeps track of where privileges are derived from so they can be managed appropriately.
to the group for user X. When I list the privileges on the group for
user X, I get three results, VIEW, VIEW, READ. Is it intended that I get
two VIEW privileges back?
If I try to remove the VIEW privilege I justWould you post your code so I can see which API calls you are making?
added for User X I get a
edu.internet2.middleware.grouper.MemberDeleteException. Any thoughts?
Stephen Langella MS
Senior Research Specialist
Ohio State University
Department of Biomedical Informatics
Multiscale Computing Laboratory
Office: (614) 292-9845
GW Brown, Information Systems and Computing
- Group Privileges, Stephen A. Langella, 08/21/2006
- Re: [grouper-users] Group Privileges, GW Brown, Information Systems and Computing, 08/30/2006
Archive powered by MHonArc 2.6.16.