Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] VIEW permission on STEMs ?

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] VIEW permission on STEMs ?


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: "" <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] VIEW permission on STEMs ?
  • Date: Wed, 6 Jul 2016 20:46:31 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

 

This is fixed in patch: grouper_v2_3_0_api_patch_15

 

Note, this defaults to on.  Shilen did performance analysis.  It is fast for admins.  It is fast for users with not a lot of privs.  If a power user is not an admin and has a ton of privs (e.g. courses or something), and you have a huge registry, then it can be slow.  You can determine if you want to turn it off altogether, or put people in a group (or groups in a group) which it is not enabled for.  There is also a timer so that you can see who is having issues with it via errors logged.  Note, this is only for the UI at this point and not for WS or API.  Try it out and let me know how it goes J

 

https://bugs.internet2.edu/jira/browse/GRP-1320

 

edit in grouper.properties:

 

# if folders should be shown only if there is an object inside that the user can see

security.show.folders.where.user.can.see.subobjects = true

 

# put in a group name to exclude non admins who have a lot of privileges who have bad performance

security.show.all.folders.if.in.group =

 

# log error if performance is above this number of seconds. tells you to exclude some users or disable feature

# leave blank or -1 to disable

security.show.all.folders.log.above.seconds = 30

 

 

Thanks

Chris

 

 

 

From: Hyzer, Chris
Sent: Tuesday, June 07, 2016 12:45 PM
To: '' <>
Cc:
Subject: RE: [grouper-users] VIEW permission on STEMs ?

 

If you have CREATE on a stem, or ADMIN (2.3+), then you should see the parent stems while browsing right?  J

 

Thanks

Chris

 

From: []
Sent: Tuesday, June 07, 2016 11:21 AM
To: Hyzer, Chris <>
Cc:
Subject: Re: [grouper-users] VIEW permission on STEMs ?

 

Thanks Chris !

 

Yes, your suggestion would solve our problem.

 

When you say "stems that you have privileges on" -- I'm not sure what you mean ?

Sent from my iPhone


On Jun 7, 2016, at 10:24 AM, Hyzer, Chris <> wrote:

We have tried to only show stems that you have privileges on,  or have an object (stem, group, attribute) underneath somewhere that you have privileges on,  but we had performance problems implementing it.   We can take another look  at it.   If that existed i would hope you wouldn't need view on folders

Thanks
Chris

 

On Tue, Jun 7, 2016 at 10:06 AM -0400, "Steven Carmody" <> wrote:

Hi,

We have a growing number of situations where we are delegating the
management of various Service Management Groups. In some of these cases,
Services support "projects", and each Project has a different set of
managers/admins. IN any case, we now have a longish set of STEMs under
the "Service management" STEM.

We'd prefer that when one of these admins is using a Grouper GUI that
they only see the STEMs for the Projects (or Services) that they're
authorized to VIEW and manage.

I know Grouper doesn't currently support a VIEW privilege on STEMs --
I'm wondering if this has been requested by others ? Or whether others
see any value in this added functionality ?




Archive powered by MHonArc 2.6.19.

Top of Page