Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] question on privileges

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] question on privileges


Chronological Thread 
  • From: Martin Feller <>
  • To:
  • Subject: Re: [grouper-users] question on privileges
  • Date: Thu, 20 Jan 2011 16:45:12 -0600

Maybe I should have mentioned, that i set up the stem/group hierarchy and the
privileges using the web ui.

On 1/20/11 4:36 PM, Martin Feller wrote:
> Hi,
>
> I'm quite new to grouper.
> Here's a problem I face while playing with the grouper API (1.6.3):
>
> I have a group BIRN:F-BIRN:performancetest. The privilege for everyone is
> only 'view'.
> The group has 3 members a, b and c. All of them have only the 'member'
> privilege, except for c, which also has the 'admin' and 'read' privilege.
>
> However, if I try to get a list of members for that group as member 'c'
> (i.e. the session has been started with the subject of 'c'),
> 'c' doesn't get a list of users. Even if I grant 'c' the admin privilege on
> that group, I don't get the list members.
>
> If I run the session as 'GrouperSystem', I get the list of members, and I
> see that 'c' is on the readers list and admin list,
> But a call to hasRead() with the subject of 'c' still returns false.
>
> I guess my questions are:
> * Why don't I get the memberlist if the session is run with 'c', and 'c'
> has read and admin privileges on the group?
> * Why does the call to group.hasRead(<subject of c>) as 'GrouperSystem'
> return false, even though 'c' is on the readers list?
>
> I assume I'm doing something wrong, or have wrong assumptions.
> Let me know if you need more information about my setup.
>
> Find the source code of my small example program attached.
>
> Thanks for feedback!
>
> Martin
>
>
> #############
>
> Output of the program, when the session has been started with the subject
> of 'GrouperSystem':
>
> subject id of caller: GrouperSystem
> Subjects with admin priv on group BIRN:F-BIRN:performancetest:
> - c
> - GrouperSystem
> Subjects with read priv on group BIRN:F-BIRN:performancetest:
> - c
> c has read privs on group BIRN:F-BIRN:performancetest: false
> Members of group BIRN:F-BIRN:performancetest:
> - a
> - b
> - c
>
>
> Output of program, when the session has been started with the subject of
> 'c':
>
> Subject id of caller: c
> Subjects with admin priv on group BIRN:F-BIRN:performancetest:
> Subjects with read priv on group BIRN:F-BIRN:performancetest:
> c has read privs on group BIRN:F-BIRN:performancetest: false
> No read privilege on group for subject c
>




Archive powered by MHonArc 2.6.16.

Top of Page