Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Restricting access to Grouper

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Restricting access to Grouper


Chronological Thread 
  • From: Baron Fujimoto <>
  • To:
  • Subject: Re: [grouper-users] Restricting access to Grouper
  • Date: Tue, 21 Aug 2012 14:26:27 -1000

Thanks for the pointer to media.properties.

In grouper.properties, I have the following:

configuration.autocreate.group.name.1 = etc:uiUsers
configuration.autocreate.group.description.1 = users allowed to log in to the
UI
configuration.autocreate.group.subjects.1 = teststaf

and in grouper-ui/conf/resources/grouper/media.properties I've set

require.group.for.logins=etc:uiUsers

If I log in to Grouper as a user that is not in etc:uiUsers (or wheel type
group), I still seem to have access to the UI. Although I don't appear
to have any create, etc. type privileges, I can still perform searches and
browse from the "../grouper/doSearchSubjects.do" URL.

Aloha,
-baron

On Tue, Aug 21, 2012 at 04:10:08AM +0000, Chris Hyzer wrote:
: The grouper.properties can autocreate the UI / WS groups. You make the UI
be restricted to a group, you should be able to use the media.properties to
specify the group, and in the WS, its the grouper-ws.properties where you
specify it. Let me know how it goes.
:
: Thanks,
: Chris
:
: ________________________________________
: From:


[]
on behalf of Baron Fujimoto
[]
: Sent: Monday, August 20, 2012 11:12 PM
: To:

: Subject: [grouper-users] Restricting access to Grouper
:
: We'd like to be able to restrict access to the Grouper API (via the UI
: or WS) to a specified group of users. What is the recommended way to
: accomplish this using Grouper?
:
: grouper.example.properties includes some commented out entries that
: hint at a starting point to achieve this, but I wasn't able to find
: further examples or documentation on where to go from there; i.e. given
: this group, how to restrict the access?
:
: #configuration.autocreate.group.name.0 = etc:uiUsers
: #configuration.autocreate.group.description.0 = users allowed to log in to
the UI
: #configuration.autocreate.group.subjects.0 = johnsmith
:

--
Baron Fujimoto
<>
:: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum



Archive powered by MHonArc 2.6.16.

Top of Page