Grouper Users - Open Discussion List

["Hyzer, Chris" <>]

Add a jira please and we will address this...  probably by augmenting the 
privilege assignment WS and not by worrying about the underlying attribute 
assignments.

Or let me know and I can add a jira for you.

Thanks
Chris

-----Original Message-----
From: Vachon, Thomas 
[mailto:]
 
Sent: Tuesday, August 07, 2018 3:07 PM
To: Hyzer, Chris 
<>;
 

Subject: Re: [grouper-users] Grouper REST API for Privilege Inheritance

Yea, we mean via grouper-ws.

We can do it in the GUI, any groups or stems made after the inherit privilege 
is granted automatically gets the parents permissions.
________________________________________
From: Hyzer, Chris 
<>
Sent: Tuesday, August 7, 2018 15:00
To: Vachon, Thomas; 

Subject: RE: [grouper-users] Grouper REST API for Privilege Inheritance

When you say "API" you mean WS right?  If you give someone CREATE or ADMIN 
that doesn't inherit to descendant objects...

-----Original Message-----
From: Vachon, Thomas 
[mailto:]
Sent: Tuesday, August 07, 2018 2:58 PM
To: Hyzer, Chris 
<>;
 

Subject: Re: [grouper-users] Grouper REST API for Privilege Inheritance

Thanks Chris,

I don't quite grok the inherit problem still.  We want to set this up fully 
via the API. ll we do is give a known group CREATE on the stems and ADMIN on 
the groups on the top of the "local" stem
________________________________________
From: Hyzer, Chris 
<>
Sent: Tuesday, August 7, 2018 14:55
To: Vachon, Thomas; 

Subject: RE: [grouper-users] Grouper REST API for Privilege Inheritance

You can do composite groups with GroupSave.

https://spaces.at.internet2.edu/display/Grouper/Group+Save

For the inherited privs, in the UI it calls a method to inherit.  But it will 
also inherit from a daemon which runs nightly.  If you want it to run when 
you save a rule over WS, please open a jira and be explicit about the calls 
that you use to configure the privileges...

Thanks
Chris

-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of 

Sent: Tuesday, August 07, 2018 2:47 PM
To: 

Subject: [grouper-users] Grouper REST API for Privilege Inheritance

Hi everyone,

We are trying to move automation more into the REST/grouper-ws land from the
GCLI where possible.  We have hit a wall on setting up inherited Grouper
permissions on a stem.

As you all know, but I'm going to say anyways, if you don't set the permission
inheritance up first, any groups and stems created don't get retroactively
applied permissions.  Since we do highly decentralized management, this poses
a large problem for us.

We have group, stem, and single-execution permissions setup via the API but I
am unable to decipher what needs to happen to get inherited permissions
applied via the API.  I will be committing this back to the community, so any
help is appreciated.

Also, for extra credit, if you can help me get composite groups working, that
would save us a bit more time as well.

Thank You,
Tom Vachon