Grouper Users - Open Discussion List

[Chris Hyzer <>]

I would do it by group and not individual user.

Make a group of readers: a:b:c:whateverFolderReaders

Add that user to that group

Make a rule on the folder allowing the group to read all groups inside and below:

 

https://spaces.internet2.edu/display/Grouper/Grouper+rules+use+case+-+Inherited+privileges+on+groups

 

Note, this GSH wasn’t tested, hopefully it is correct:

 

gsh 0% grouperSession = GrouperSession.startRootSession();

gsh 1% group = GroupFinder.findByName(grouperSession, “a:b:c:whateverFolderReaders”, true);

gsh 2% folder = StemFinder.findByName(grouperSession, “a:b:c”, true);

gsh 3% RuleApi.inheritGroupPrivileges(SubjectFinder.findRootSubject(), folder, Stem.Scope.SUB, group.toSubject(), Privilege.getInstances("read”));

 

Note, there is a daemon which will run periodically to assign to groups that already exist, or if privs are ever removed.  See the rules wiki for more details.

 

Thanks,

Chris

 

 

 

From: [mailto:] On Behalf Of Sachdeva, Vivek
Sent: Tuesday, April 29, 2014 5:56 PM
To: ; ;
Subject: [grouper-users] Grouper Privileges

 

Hi,

 

I have a question about the Privileges. Is there a way to assign privileges to someone so that he/she can read all the groups and memberships under one folder and all the subfolders under that folder without specifying the individual groups in the grantPriv command ?

 

By default I need to set the following properties to false.

 

groups.create.grant.all.read          = false

groups.create.grant.all.view          = false

 

Thanks,

 

Vivek