Grouper Users - Open Discussion List

[Chris Hyzer <>]

Hey,

I got a request to setup a new Grouper subject like an existing subject.  
Meaning any groups the existing subject is in, add the new subject to them.  
And any privileges the existing subject has, grant those to the new subject.

We could eventually have an API method to do this stuff, but for now, you can 
do it pretty easily with SQL and GSH (unless there is a better way I don't 
know of :) ).  These commands will work with 1.4 and 1.5.

I put the steps to make this happen on the wiki (and below):

https://spaces.internet2.edu/display/GrouperWG/Useful+sample+Grouper+scripts+and+queries

Thanks,
Chris


Ps. Here are the steps

If you want to add a user to all the groups another user is in, you can 
generate GSH scripts via SQL.  Note, this is an oracle script, for mysql you 
will need to change the || to "concat()".  Also, the pagesize and linesize 
settings are oracle specific.  You can omit or replace for other dbs

Group memberships (note, adjust "someExistingSubjectId", and 
"someNewSubjectId"):

set pagesize 10000
set linesize 1000

select 'addMember("' || gmv.GROUP_NAME || '", "someNewSubjectId", 
FieldFinder.find("' || gmv.LIST_NAME || '"));'  as command
from grouper_memberships_v gmv
where gmv.subject_id = 'someExistingSubjectId'
 AND gmv.membership_TYPE = 'immediate'
 and list_type = 'list';

Take the output of that, which looks like this:

addMember("test:stem:whatever:group", "someNewSubjectId", 
FieldFinder.find("members"));
addMember("school:hey:there:folder:group2", "someNewSubjectId", 
FieldFinder.find("members"));

Put that in a file called script.txt, and should put this at the top:   
GrouperSession.startRootSession();

Then run like this: gsh.sh script.txt

For group privileges, adjust for subjectIds and run this query (again, for 
mysql, use concat instead of ||):

select 'grantPriv("' || gmv.GROUP_NAME || '", "someNewSubjectId", ' || 
gmv.list_name || ');'  as command
from grouper_memberships_v gmv
where gmv.subject_id = 'someExistingSubjectId'
 AND gmv.membership_TYPE = 'immediate'
 and list_type = 'access';

Put the output in a script file, and add these lines to the top:

GrouperSession.startRootSession();
readers = AccessPrivilege.READ;
updaters = AccessPrivilege.UPDATE;
admins = AccessPrivilege.ADMIN;
viewers = AccessPrivilege.VIEW;
optins = AccessPrivilege.OPTIN;
optouts = AccessPrivilege.OPTOUT;

grantPriv("test:stem:whatever:group1", "someNewSubjectId", viewers);
grantPriv("test:stem:whatever:group2", "someNewSubjectId", viewers);
grantPriv("test:stem:whatever:group3", "someNewSubjectId", readers);
grantPriv("test:stem:whatever:group4", "someNewSubjectId", viewers);


Run the script like this: gsh.sh script.txt

For stem privileges adjust for subjectIds and run this query (again, for 
mysql, use concat instead of ||):

select 'grantPriv("' || gmv.STEM_NAME || '", "someNewSubjectId", ' || 
gmv.list_name || ');'  as command
from grouper_memberships_v gmv
where gmv.subject_id = 'someExistingSubjectId'
 AND gmv.membership_TYPE = 'immediate'
 and list_type = 'naming';

Put the output in a script file, and add these lines to the top:

GrouperSession.startRootSession();

creators = NamingPrivilege.CREATE;
stemmers = NamingPrivilege.STEM;

grantPriv("test:stem:whatever:stem1", "someNewSubjectId", creators);
grantPriv("test:stem:whatever:stem2", "someNewSubjectId", creators);
grantPriv("test:stem:whatever:stem3", "someNewSubjectId", creators);

Run the script like this: gsh.sh script.txt