
grouper-users - RE: [grouper-users] Setting default privileges for a group

Subject: Grouper Users - Open Discussion List

  • From: Chris Hyzer <>
  • To: Julio Polo <>, "" <>
  • Subject: RE: [grouper-users] Setting default privileges for a group
  • Date: Wed, 20 Apr 2011 21:03:31 -0400

Well, it's not the default privilege, it's the global privilege... know what I
mean?

So on the UI, all that checkbox does is assign a privilege for that group to
the subject EveryEntity, or GrouperAll, or whatever it is configured to be
called in grouper.properties. So if you want to create a group, then create
it with a GroupSave. That will follow the grouper.properties to assign the
global privileges. By default this makes the group globally readable and
globally viewable. I personally think that Universities should change this
default to false for all, following the principle of least privilege. But in
any case, after you do your GroupSave, then follow that with a web service
call "assignGrouperPrivileges" which either removes the
EveryEntity/GrouperAll for default grouper.properties settings, or adds them
if you want to widen things. Ok?

Thanks!
Chris

-----Original Message-----
From: [mailto:] On Behalf Of Julio Polo
Sent: Wednesday, April 20, 2011 7:37 PM
To:
Subject: [grouper-users] Setting default privileges for a group

How do I set the default privileges for a new or existing group via a
web service? I am assuming this can be specified within
<WsRestGroupSaveRequest> (using REST, XML), but I couldn't find any
documentation.

Julio Polo
University of Hawaii

--------------------------------------------
Excerpt from https://spaces.internet2.edu/display/Grouper/API+Configuration

Grouper Privileges

All configuration of Grouper privileges detailed in this section occurs
in the grouper/conf/grouper.properties file.

Default privileges

Grouper requires that all subjects must be explicitly granted access
or naming privileges (cf. Glossary), with one caveat. There is a
special "subject" internal to Grouper called the ALL subject, which is
a stand-in for any subject. The ALL subject can be granted a privilege
in lieu of assigning that privilege explicitly to each and every
subject.

When a new group or naming stem is created, any of its associated
privileges can be granted by default to the ALL subject. This is
configured by a series of properties in grouper.properties, one per
privilege. If a property has the value "true" then ALL is granted that
privilege by default when a group or naming stem is created. Otherwise
it is not, and hence no subject has that privilege by default.
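
A least-privilege check for the settings discussed in this thread, as an added example that is not part of the original messages or of the Grouper project: it scans grouper.properties text and reports which privileges the ALL subject receives on every new group or stem. The property-name pattern (`groups.create.grant.all.*`, `stems.create.grant.all.*`) does not appear on this page and is assumed from Grouper's stock configuration file; the sample input is constructed.

```python
import re

# Assumed naming of the per-privilege defaults in grouper.properties (not shown
# on this page): groups.create.grant.all.<priv> and stems.create.grant.all.<priv>
GRANT_ALL = re.compile(r"^(groups|stems)\.create\.grant\.all\.(\w+)$")


def parse_properties(text):
    """Minimal Java .properties reader: skips comments, last duplicate wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # The key ends at the first '=' or ':'; with neither, the value is empty.
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props


def privileges_granted_to_all(text):
    """Return sorted (object_type, privilege) pairs that ALL gets on creation."""
    granted = []
    for key, value in parse_properties(text).items():
        m = GRANT_ALL.match(key)
        # Per the excerpt, the value "true" grants the privilege; folding case
        # here is an assumption of this example.
        if m and value.strip().lower() == "true":
            granted.append((m.group(1), m.group(2)))
    return sorted(granted)


# Constructed sample, not a real deployment's file. The second 'read' line
# overrides the first, as a later duplicate does when Java loads properties.
SAMPLE = """\
# defaults applied when a group or stem is created
groups.create.grant.all.admin = false
groups.create.grant.all.read = true
groups.create.grant.all.view = true
groups.create.grant.all.update = false
groups.create.grant.all.read = false
stems.create.grant.all.create: false
unrelated.setting = true
"""

if __name__ == "__main__":
    for obj, priv in privileges_granted_to_all(SAMPLE):
        print(f"ALL is granted {priv.upper()} on every new {obj[:-1]}")
```

An empty result means no subject receives a privilege by default, which is the configuration the reply above recommends.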


