grouper-users - RE: [grouper-users] web service user READ only, ALL groups
Subject: Grouper Users - Open Discussion List
List archive
- From: "Hyzer, Chris" <>
- To: "O'Dowd, Josh" <>, "Robinson, Justin S" <>
- Cc: "" <>
- Subject: RE: [grouper-users] web service user READ only, ALL groups
- Date: Fri, 27 Jul 2018 06:26:42 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:aFKPqRHzJwr40uQof1szeJ1GYnF86YWxBRYc798ds5kLTJ7yrsSwAkXT6L1XgUPTWs2DsrQY07SQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDuwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VC+85Kl3VhDnlCYHNyY48G7JjMxwkLlbqw+lqxBm3oLYfJ2ZOP94c6jAf90VWHBBU95RWSJfH428c4UBAekPPelaronyu1QAohSlCAmwH+zj1iNEimPq0aA41ekqDAHI3BYnH9ILqHnYotf7NacTUO+r1qnE1SjIYu1W2Tfn6YjIaR4tquyLULJ1bcXRyUkuFgLbgVWKsoHlPiiV2fgXv2iG9+pvS+Svi2g9pw5vvzev294hh4/UjYwW0lDJ7Tt1z5wpKdGlTUN3fMOoHIZVuiGUOIZ6Xt8uTmRqtSkkxbAJp5u2cS0UxJg7wxPTc+GLfoaU7h75UOudPC10iGx4dL+7nRq+7Eqtx+zkWsm6zllHrTZJn9zJu30OyhPT5MeKR/5+80qvxDmAzQXe6u9aLU07mqfWLoIuz70qmZYNt0nIAzX4l1/sjKCMc0Up4uio5PrjYrXhvpKSL5N5hAbiPqkhg8CyHPw2PwYXU2ic4uuzyqfv/UrkQLVWlfI2lbTZsJbHKsgBvq65GQhV0po95BmjEzem0dMYnX8dIFJCZRKHk4zpO1bJIPD7F/uwn1OskDJzy/DHOL3uHInNI2DdnLj7Ybpx9ktRxBcuwdxC4p9UBL4MLO7vVkL0ttHXEBA0PBKxzuviFtlxyocTVXqKAqCDMaPStVGI5vgoI+mJfIIVvSryK/gl5v/vk3A5g0QQfaiy3ZQLcny4A+xmLFufYXrqmNsOD3oFvhcmQOzwlFKCSSJTZ2q1X68k6TE7EoWmDZrbRo+zmryNxTq7HoZIaWBcEVCBCnPod4SfW/cQcyKePNVtkj0CVbi9VYAhzxeuuxHmy7Z5NObb5DAXtY+wnORysqf02j016jAwR+aayGHHBzVWmXgIARh58KdgrWR40VDFzK1kxfFUCIoXr7lzVQ07M4XbyagyKc3pRgPHNuzDAAKkWIr8KTAsCN893oldTVx6HoDorgHR0jDuS5QVjb2QTtRg96nczmr8Pe580H2AybEsiV9gT8dSYz71zpVj/hTeUtaa236SkLynIOFFhHaXrjWK0HaOsUdEUQV5TaTCWzUFa1DLqcjiuB+QVKegXLIgNAYJidWPLKdHcJXItR1HX7+iXbaWeGetgyG1DBeMyKmLad/vcGUMzijHIEkfmEYO5XuAM04zCjry628=
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
There is a way to do a global READ or VIEW or whatever priv without the
overhead of the inherited privs copying to every object:
(from grouper.base.properties)
# A readonly wheel group allows you to enable non-GrouperSystem subjects to
act
# like a root user when reading the registry.
groups.wheel.readonly.use = false
# Set to the name of the group you want to treat as the readonly wheel group.
# The members of this group will be treated as root-like users when reading
objects.
groups.wheel.readonly.group =
$$grouper.rootStemForBuiltinObjects$$:sysadminReadersGroup
-----Original Message-----
From:
[mailto:]
On Behalf Of O'Dowd, Josh
Sent: Thursday, July 26, 2018 1:01 PM
To: Robinson, Justin S
<>
Cc:
Subject: Re: [grouper-users] web service user READ only, ALL groups
Thanks for that Justin. I will give that a shot once I understand what its
doing, exactly. But your example gives me points of reference to learn more
about. Very kind.
Thank You!
-Josh
On Jul 26, 2018, at 10:55 AM, Robinson, Justin S
<<mailto:>>
wrote:
Hi Josh,
There are probably other (possibly better) ways to achieve this - but one way
is to use the RuleApi and GSH to inherit privileges. The example below should
do it:
grouperSession = GrouperSession.startRootSession();
someStem = StemFinder.findByName(grouperSession, "stem:path");
webServiceClientUsers = GroupFinder.findByName(grouperSession,
"etc:webServiceClientUser");
RuleApi.inheritGroupPrivileges(SubjectFinder.findRootSubject(), someStem,
Stem.Scope.SUB, webServiceClientUsers.toSubject(),
Privilege.getInstances("read"));
RuleApi.runRulesForOwner(someStem);
Thanks,
Justin Robinson
Indiana University
On Jul 26, 2018, at 12:42 PM, O'Dowd, Josh
<<'>>
wrote:
Hi,
I am wondering if it is possible to give an etc:webServiceClientUsers group
member READ(not ADMIN) privilege for ALL groups(including any new), instead
of having to add that privilege to each group individually? More of a global
group READ privilege, similar to what the etc:sysadmingroup has with the
ADMIN priv for all groups is what we are looking for.
Any help is much appreciated.
Thanks.
-Josh O’Dowd
University of Montana
- [grouper-users] web service user READ only, ALL groups, O'Dowd, Josh, 07/26/2018
- Re: [grouper-users] web service user READ only, ALL groups, Robinson, Justin S, 07/26/2018
- Re: [grouper-users] web service user READ only, ALL groups, O'Dowd, Josh, 07/26/2018
- RE: [grouper-users] web service user READ only, ALL groups, Hyzer, Chris, 07/27/2018
- RE: [grouper-users] web service user READ only, ALL groups, Black, Carey M., 07/27/2018
- RE: [grouper-users] web service user READ only, ALL groups, Redman, Chad, 07/27/2018
- RE: [grouper-users] web service user READ only, ALL groups, O'Dowd, Josh, 07/27/2018
- RE: [grouper-users] web service user READ only, ALL groups, O'Dowd, Josh, 07/27/2018
- RE: [grouper-users] web service user READ only, ALL groups, Redman, Chad, 07/27/2018
- RE: [grouper-users] web service user READ only, ALL groups, Hyzer, Chris, 07/30/2018
- RE: [grouper-users] web service user READ only, ALL groups, Redman, Chad, 07/27/2018
- RE: [grouper-users] web service user READ only, ALL groups, Black, Carey M., 07/27/2018
- RE: [grouper-users] web service user READ only, ALL groups, Hyzer, Chris, 07/27/2018
- Re: [grouper-users] web service user READ only, ALL groups, O'Dowd, Josh, 07/26/2018
- Re: [grouper-users] web service user READ only, ALL groups, Robinson, Justin S, 07/26/2018
Archive powered by MHonArc 2.6.19.