Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Grouper Privileges

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Grouper Privileges

Chronological Thread 
  • From: Chris Hyzer <>
  • To: "Sachdeva, Vivek" <>, "" <>
  • Subject: [grouper-users] RE: Grouper Privileges
  • Date: Wed, 30 Apr 2014 12:00:04 +0000
  • Accept-language: en-US

I would do it by group and not individual user.

Make a group of readers: a:b:c:whateverFolderReaders

Add that user to that group

Make a rule on the folder allowing the group to read all groups inside and below:


Note, this GSH wasn’t tested, hopefully it is correct:


gsh 0% grouperSession = GrouperSession.startRootSession();

gsh 1% group = GroupFinder.findByName(grouperSession, “a:b:c:whateverFolderReaders”, true);

gsh 2% folder = StemFinder.findByName(grouperSession, “a:b:c”, true);

gsh 3% RuleApi.inheritGroupPrivileges(SubjectFinder.findRootSubject(), folder, Stem.Scope.SUB, group.toSubject(), Privilege.getInstances("read”));


Note, there is a daemon which will run periodically to assign to groups that already exist, or if privs are ever removed.  See the rules wiki for more details.







From: [mailto:] On Behalf Of Sachdeva, Vivek
Sent: Tuesday, April 29, 2014 5:56 PM
To: ; ;
Subject: [grouper-users] Grouper Privileges




I have a question about the Privileges. Is there a way to assign privileges to someone so that he/she can read all the groups and memberships under one folder and all the subfolders under that folder without specifying the individual groups in the grantPriv command ?


By default I need to set the following properties to false.          = false

groups.create.grant.all.view          = false





Archive powered by MHonArc 2.6.16.

Top of Page