Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] assignGrouperPrivileges and replaceAllExisting

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] assignGrouperPrivileges and replaceAllExisting

Chronological Thread 
  • From: Julio Polo <>
  • To:
  • Subject: Re: [grouper-users] assignGrouperPrivileges and replaceAllExisting
  • Date: Tue, 19 Apr 2011 09:39:43 -1000

Thanks Chris. It works as you explain. I couldn't see it because I
was expecting the list of privileges to be exhaustive for all
subjects. For example, if I provide privileges (read, update) to
subjects (jsmith, rjohnson) and set replaceAllExisting=true, I would
have expected jsmith and rjohnson to have only 'read' and 'update'
while all other privileges (admin,update,optin,optout) would be
removed (or ignored if not assigned) for them. All other subjects
would not be touched. In other words, I was being subject-centric
while this operation is privilege-centric.

There are several phrases in the description of replaceAllExisting
that could use some disambiguation:

"T to replace existing members,"

When I couldn't figure it out, I thought this meant that the list
membership would be changed. That would be odd in this context, but I
was grasping at straws. How about something like:

"If replaceAllExisting is T, then allowed must be set to T. This will
assign the provided privilege(s) to the provided subject(s), and
remove it from all other subjects in the group.

If F or blank, assign or remove (depending on value provided in
'allowed') the provided privilege(s) from the provided subject(s)"

And I had to do a double-take on what an "allowed T" was in "Only for
allowed T". Then I figured out that it was referring to the parameter
named 'allowed'. My rewrite above already addresses this.

Thanks again.

Julio Polo
Identity and Access Management
University of Hawaii

On Tue, Apr 19, 2011 at 5:55 AM, Chris Hyzer
> assignGrouperPrivileges takes the privilege, the owner, and a set of
> subjects.  If you are not sending replaceAllExisting, then it will assign
> that privilege for that owner to those subjects.  If you set
> replaceAllExisting to true, then it will make the list be whatever you
> sent, and remove the orphans.
> Ok, how about an example.
> Right now jsmith, rjohnson, and kwilson have READ on group:
> school:folder:someGroup
> If you call assignGrouperPrivileges with READ on group:
> school:folder:someGroup, and send in subjects rjohnson, and horeily, and
> replaceAllExisting to true, then it will ignore rjohnson since that was
> already assigned, it will unassign jsmith and kwilson, and it will add
> horeily since it didn't already exist.
> Got it?  :)
> Thanks,
> Chris
> -----Original Message-----
> From:
> [mailto:]
> On Behalf Of Julio Polo
> Sent: Monday, April 18, 2011 10:26 PM
> To:
> Subject: [grouper-users] assignGrouperPrivileges and replaceAllExisting
> This is the only explanation I found for replaceAllExisting in the
> context of assignGrouperPrivileges:
> "T to replace existing members, F or blank to just change assignments.
> Only for allowed T ".
> Can someone elaborate on this, or better yet, provide an example?
> I tried playing around and setting replaceAllExisting to T or F under
> different scenarios, and I still can't figure out what it's supposed
> to do.
> Julio Polo
> Identity and Access Management
> University of Hawaii

Archive powered by MHonArc 2.6.16.

Top of Page