Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Privileges in Grouper 1.6.1

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Privileges in Grouper 1.6.1


Chronological Thread 
  • From: Chris Hyzer <>
  • To: "Snee, Tom" <>, "" <>
  • Subject: [grouper-users] RE: Privileges in Grouper 1.6.1
  • Date: Wed, 29 Oct 2014 19:59:15 +0000
  • Accept-language: en-US
Easy way?  :)  I think you could generate a GSH script from SQL and run that :)

https://spaces.internet2.edu/display/Grouper/GrouperShell+(gsh)

Here is a more complicated example.  I want all groups in a certain folder which do not have an ADMIN privilege assigned to my application service principal, to assign that privilege.  Here is the query for oracle:

select 'grantPriv("' || gg.name || '", "someid/server.school.edu", AccessPrivilege.ADMIN);' as script 
from grouper_groups gg where gg.name like 'school:apps:appName:spaces:%' 
and not exists
(select (1) from grouper_memberships_lw_v gmlv where gg.name = gmlv.group_name and list_name = 'admins' 
and gmlv.subject_id = 'someid/server.school.edu');
Note, you will want to use the group UUID as the subject ID, also that concatenation is Oracle specific, you need a concat or something for other DBs.  

Thanks,
Chris
From: [] on behalf of Snee, Tom []
Sent: Wednesday, October 29, 2014 3:50 PM
To:
Subject: [grouper-users] Re: Privileges in Grouper 1.6.1

You are right that a rule would be ideal. Fortunately, I don't expect my hierarchy to change, so one-time-only should suffice. If you could tell me what 1.6.1 Java APIs I need to read and set privileges on groups, I will read the javadocs for them and puzzle it out.

Tom Snee

From: Chris Hyzer <>
Date: Wednesday, October 29, 2014 3:37 PM
To: Tom Snee <>, "" <>
Subject: RE: Privileges in Grouper 1.6.1

Upgrade to 2.0+ and add a rule?  J

 

I assume its not a one time task and you want it for new groups added to the folders automatically (like a rule).  I don’t think there is a good way to do this in 1.6… you might be able to write a java hook, or run a GSH script from cron every hour or something…

 

Thanks,

Chris

 

From: [] On Behalf Of Snee, Tom
Sent: Wednesday, October 29, 2014 2:39 PM
To:
Subject: [grouper-users] Privileges in Grouper 1.6.1

 

I am trying to figure out how to give a certain group READ access on every group under a stem and all of its sub-stems. There seems to be plenty of documentation on how to do this under recent versions of Grouper, but nothing I have read applies to version 1.6.1. Could anyone point me in the right direction?

 

Thanks,

 

Tom Snee


Archive powered by MHonArc 2.6.16.

Top of Page