Subject: Grouper Users - Open Discussion List
- From: Chris Hyzer <>
- To: "Sachdeva, Vivek" <>, "" <>
- Subject: [grouper-users] RE: Grouper Privileges
- Date: Wed, 30 Apr 2014 12:00:04 +0000
- Accept-language: en-US
I would do it by group and not individual user.
Make a group of readers: a:b:c:whateverFolderReaders
Add that user to that group
Make a rule on the folder allowing the group to read all groups inside and below:
Note, this GSH wasn’t tested, hopefully it is correct:
gsh 0% grouperSession = GrouperSession.startRootSession();
gsh 1% group = GroupFinder.findByName(grouperSession, "a:b:c:whateverFolderReaders", true);
gsh 2% folder = StemFinder.findByName(grouperSession, "a:b:c", true);
gsh 3% RuleApi.inheritGroupPrivileges(SubjectFinder.findRootSubject(), folder, Stem.Scope.SUB, group.toSubject(), Privilege.getInstances("read"));
Note, there is a daemon which will run periodically to assign to groups that already exist, or if privs are ever removed. See the rules wiki for more details.
I have a question about the Privileges. Is there a way to assign privileges to someone so that he/she can read all the groups and memberships under one folder and all the subfolders under that folder without specifying the individual groups in the grantPriv command?
By default I need to set the following properties to false.
groups.create.grant.all.read = false
groups.create.grant.all.view = false
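
The whole procedure from the reply, followed by a check that the rule fires, as an added example that is not part of the original thread and was not run against a Grouper instance. It assumes folder a:b:c already exists and uses the GSH built-in commands addGroup, addStem, addMember and hasPriv; the subject id "jsmith", the subfolder "a:b:c:sub" and the group "a:b:c:sub:ruleCheck" are constructed names.

```groovy
// Added example, not from the original thread.
// Constructed names: subject id "jsmith", subfolder "a:b:c:sub",
// group "a:b:c:sub:ruleCheck". Folder a:b:c is assumed to exist.
grouperSession = GrouperSession.startRootSession();

// Steps 1 and 2: create the readers group and add the user to it.
addGroup("a:b:c", "whateverFolderReaders", "whateverFolderReaders");
addMember("a:b:c:whateverFolderReaders", "jsmith");

// Step 3: the inherited-privilege rule from the reply. Stem.Scope.SUB covers
// groups directly in a:b:c and in every subfolder below it.
group = GroupFinder.findByName(grouperSession, "a:b:c:whateverFolderReaders", true);
folder = StemFinder.findByName(grouperSession, "a:b:c", true);
RuleApi.inheritGroupPrivileges(SubjectFinder.findRootSubject(), folder, Stem.Scope.SUB, group.toSubject(), Privilege.getInstances("read"));

// Check: create a group one folder down AFTER the rule exists, then ask
// whether the reader can READ it. Groups that existed before the rule are
// picked up by the daemon mentioned in the reply, so test with a new group.
addStem("a:b:c", "sub", "sub");
addGroup("a:b:c:sub", "ruleCheck", "ruleCheck");
hasPriv("a:b:c:sub:ruleCheck", "jsmith", AccessPrivilege.READ);

// Negative check: a group outside a:b:c must not be readable by the same
// subject once groups.create.grant.all.read = false is in effect.
// ("x:y:outsideGroup" is a constructed name; create it first if testing.)
// hasPriv("x:y:outsideGroup", "jsmith", AccessPrivilege.READ);
```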
- [grouper-users] Grouper Privileges, Sachdeva, Vivek, 04/29/2014
- [grouper-users] RE: Grouper Privileges, Chris Hyzer, 04/30/2014