Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] web service user READ only, ALL groups

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] web service user READ only, ALL groups


Chronological Thread 
  • From: "Robinson, Justin S" <>
  • To: "O'Dowd, Josh" <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] web service user READ only, ALL groups
  • Date: Thu, 26 Jul 2018 16:55:19 +0000
  • Accept-language: en-US
  • Ironport-phdr: 9a23:nSl7lRxczkpMUGDXCy+O+j09IxM/srCxBDY+r6Qd2+4WIJqq85mqBkHD//Il1AaPAd2Fraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HSbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDtU7s6RSqt4LtqSB/wiScIKTg58H3MisdtiK5XuQ+tqwBjz4LRZoyeKfhwcb7Hfd4CRWRPQNtfVzBPDI2/YYsADe0PPedEoIbyvFYOogeyBQy2CePv1jNFhHn71rA63eQ7FgHG2RQtE9wSvnTTt9r1NaESUfuyzKnO1TnIcvdY2Srm6IjUcxAhp+yHU69+fcHMzkQvFRnFg1eOpYH+PjOVy/4BvHaG4Op9TO+ijXMspQJpojW328sglI3EipgXx13A7yl13Zw5KcC8RUN0edKoDZRduz2AO4drQc4uXXtktSU5x7EcuZO2fDAGyJo5yBPcd/CKdo2F7x39WOuVJDp1h29qd66jiBu37EStzu3xW8ux3VpUrydJjMLDu3YQ3BLJ8MeHUOFy/kK51DaPyQ/T7uZELFg0laXBMZ4h3rswmYAVsUjZAy/2mVn2jLSMekUl/Oin9uXnba/gppCGLYN7lBzxMrk2lsy+B+Q3LBQOUnCG9eii0LDv50/0TbFQgvEriKXVrZTXKMsDqq68GQBV04Ij6xilDzeh1dQVhXsHLEhHdR6ZlIXpOkzOLOrmAviinlSgiC1ryOzePr39HpXNKWDOkLj7fbZ69k5c0BQ8zcpG65JJEbEOPujzWlTqudzcDx85KBC0w/35BNln14MeX36PDbGDMKPUr1CI+vwjL/OSa4AIpTauY8QisrTJwlM+hlNZNYuuxptdICSaGe9mZWLWTX3zjv8ECmBMow8iCuHmlQvRfyRUYiP4ZaU25zcgD4TiRaXeXZyshvS6lm/vHIcJPEhHFxaBHWq+JNbMYOsFdC/HepwpqTcDT7X0DtZ5jRw=
Hi Josh,

There are probably other (possibly better) ways to achieve this - but one way is to use the RuleApi and GSH to inherit privileges. The example below should do it:

grouperSession = GrouperSession.startRootSession();
someStem = StemFinder.findByName(grouperSession, "stem:path");
webServiceClientUsers = GroupFinder.findByName(grouperSession, "etc:webServiceClientUser");
RuleApi.inheritGroupPrivileges(SubjectFinder.findRootSubject(), someStem, Stem.Scope.SUB, webServiceClientUsers.toSubject(), Privilege.getInstances("read"));
RuleApi.runRulesForOwner(someStem);

Thanks,

Justin Robinson
Indiana University

On Jul 26, 2018, at 12:42 PM, O'Dowd, Josh <> wrote:

Hi,

I am wondering if it is possible to give an etc:webServiceClientUsers group member READ(not ADMIN) privilege for ALL groups(including any new), instead of having to add that privilege to each group individually?  More of a global group READ privilege, similar to what the etc:sysadmingroup has with the ADMIN priv for all groups is what we are looking for.

Any help is much appreciated.

Thanks.
-Josh O’Dowd
University of Montana

Attachment: smime.p7s
Description: S/MIME cryptographic signature


Archive powered by MHonArc 2.6.19.

Top of Page