Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Setting default privileges for a group

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Setting default privileges for a group

Chronological Thread 
  • From: Chris Hyzer <>
  • To: Julio Polo <>, "" <>
  • Subject: RE: [grouper-users] Setting default privileges for a group
  • Date: Wed, 20 Apr 2011 21:03:31 -0400
  • Accept-language: en-US
  • Acceptlanguage: en-US

Well, its not the default privilege, it's the global privilege... know what I

So on the UI, all that checkbox does is assign a privilege for that group to
the subject EveryEntity, or GrouperAll, or whatever it is configured to be
called in So if you want to create a group, then create
it with a GroupSave. That will follow the to assign the
global privileges. By default this makes the group globally readable and
globally viewable. I personally think that Universities should change this
default to false for all, following the principal of least privilege. But in
any case, after you do your GroupSave, then follow that with a web service
call "assignGrouperPrivileges" call which either removes the
EveryEntity/GrouperAll for default settings, or adds them
if you want to widen things. Ok?


-----Original Message-----

On Behalf Of Julio Polo
Sent: Wednesday, April 20, 2011 7:37 PM

Subject: [grouper-users] Setting default privileges for a group

How do I set the default privileges for a new or existing group via a
web service? I am assuming this can be specified within
<WsRestGroupSaveRequest> (using REST, XML), but I couldn't find any

Julio Polo
University of Hawaii

Excerpt from

Grouper Privileges

All configuration of Grouper privileges detailed in this section occur
in the grouper/conf/ file.

Default privileges

Grouper requires that all subjects must be explicitly granted access
or naming privileges (cf. Glossary), with one caveat. There is a
special "subject" internal to Grouper called the ALL subject, which is
a stand-in for any subject. The ALL subject can be granted a privilege
in lieu of assigning that privilege explicitly to each and every

When a new group or naming stem is created, any of its associated
privileges can be granted by default to the ALL subject. This is
configured by a series of properties in, one per
privilege. If a property has the value "true" then ALL is granted that
privilege by default when a group or naming stem is created. Otherwise
it is not, and hence no subject has that privilege by default.

Archive powered by MHonArc 2.6.16.

Top of Page