Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] VIEW permission on STEMs ?

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] VIEW permission on STEMs ?

Chronological Thread 
  • From: Shilen Patel <>
  • To: "" <>
  • Subject: Re: [grouper-users] VIEW permission on STEMs ?
  • Date: Fri, 29 Jul 2016 16:54:07 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

If you applied this patch (patch 15), then you should also apply a new patch (patch 19) to resolve some issues with it.


- Shilen

From: <Hyzer>, Chris <>
Date: Wednesday, July 6, 2016 at 4:46 PM
To: "" <>
Cc: "" <>
Subject: RE: [grouper-users] VIEW permission on STEMs ?


This is fixed in patch: grouper_v2_3_0_api_patch_15


Note, this defaults to on.  Shilen did performance analysis.  It is fast for admins.  It is fast for users with not a lot of privs.  If a power user is not an admin and has a ton of privs (e.g. courses or something), and you have a huge registry, then it can be slow.  You can determine if you want to turn it off altogether, or put people in a group (or groups in a group) which it is not enabled for.  There is also a timer so that you can see who is having issues with it via errors logged.  Note, this is only for the UI at this point and not for WS or API.  Try it out and let me know how it goes J


edit in


# if folders should be shown only if there is an object inside that the user can see = true


# put in a group name to exclude non admins who have a lot of privileges who have bad performance =


# log error if performance is above this number of seconds. tells you to exclude some users or disable feature

# leave blank or -1 to disable = 30








From: Hyzer, Chris
Sent: Tuesday, June 07, 2016 12:45 PM
To: ' <>
Subject: RE: [grouper-users] VIEW permission on STEMs ?


If you have CREATE on a stem, or ADMIN (2.3+), then you should see the parent stems while browsing right?  J





From: []
Sent: Tuesday, June 07, 2016 11:21 AM
To: Hyzer, Chris <>
Subject: Re: [grouper-users] VIEW permission on STEMs ?


Thanks Chris !


Yes, your suggestion would solve our problem.


When you say "stems that you have privileges on" -- I'm not sure what you mean ?

Sent from my iPhone

On Jun 7, 2016, at 10:24 AM, Hyzer, Chris <> wrote:

We have tried to only show stems that you have privileges on,  or have an object (stem, group, attribute) underneath somewhere that you have privileges on,  but we had performance problems implementing it.   We can take another look  at it.   If that existed i would hope you wouldn't need view on folders



On Tue, Jun 7, 2016 at 10:06 AM -0400, "Steven Carmody" <> wrote:


We have a growing number of situations where we are delegating the
management of various Service Management Groups. In some of these cases,
Services support "projects", and each Project has a different set of
managers/admins. IN any case, we now have a longish set of STEMs under
the "Service management" STEM.

We'd prefer that when one of these admins is using a Grouper GUI that
they only see the STEMs for the Projects (or Services) that they're
authorized to VIEW and manage.

I know Grouper doesn't currently support a VIEW privilege on STEMs --
I'm wondering if this has been requested by others ? Or whether others
see any value in this added functionality ?

Archive powered by MHonArc 2.6.19.

Top of Page