Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] How to define stem navigator privileges

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] How to define stem navigator privileges

Chronological Thread 
  • From: "Black, Carey M." <>
  • To: Olivier Salaün <>, "Hyzer, Chris" <>, "" <>
  • Subject: RE: [grouper-users] How to define stem navigator privileges
  • Date: Fri, 27 Mar 2020 14:06:31 +0000
  • Arc-authentication-results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TeV9Ho4jJrVDD+sz4dFbzz2i74Rmu/tarwWP6bbxEaw=; b=N//S0v6YMY/WJRPAJIXE7tXefOfr90a4oDAsXxcnWbIrHp/PPcOvKYlk13kgmPrYi6n0Asoi1GFM2YOS3l1/SgZ9gk/5NzLAP5n+Lt5PqQ4O43gYHHPAbuhW6SKRSA8K9DtDNtbHWQFhsgGCR9RfvdzykKbJBaVLfBnf3/KELw2N6PBdNSFS9VL1woowP16o9L5nhWl24Ff+LFDoz+d4aVJu6NM8Wda+wREKXVhtw+ntB1fFCmH+NYoxfkRdnrp5nY6x3DzNd6cj4Z288Bs88JXxHpct6ZpIuZ/2kyvn3qYvp8UGtj7WICC6vfk1zjpEW7mQ8Tf51w+YBaBYlnfHdg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=f4apK/i9kjjeSes5vBTHTDeIUKHsSOqGOMsqY8WoaHQF1fZPBw5SBUgYxA2Wh5e9WG7xB1hoLvdWNNlHuoDoTgjS1xsSjen1B0qaYiDyonGJjJVwrvJZlhe1KAKXPtQ4d0gKL2jz/u/F6f8rfIQpr6RaK9loDr1BR4sIMbTa62xxll2d0NmjGL2UC2qNrP0aTZfzT27ssVSZxAuLNGemiXjHG9aIcppzqq6ipPwHsqTgQvt0bkjA0N/AXKYvGxL+Ou2oHdbcGWPfuu6266+6T60vPcgJz7qA82KBhCDMi5Yr8TPB46RUyvq7N7iPQ79JKhPefPG/HceSSdA+YglmHw==



RE: “The only drawback: it provides view privilege on the complete Grouper hierarchy (not on a specific stem)."


                If you want it limited to a stem (and/or sub stems) then the way to go would be with



Carey Matthew


From: <> On Behalf Of Olivier Salaün
Sent: Friday, March 27, 2020 9:44 AM
To: Hyzer, Chris <>;
Subject: Re: [grouper-users] How to define stem navigator privileges


Thank you for your help, Chris.

I tried enabling the properties, but, as you mentionned, it does not provide visibility on groups.

I ended up setting these properties in :

# A viewonly wheel group allows you to enable non-GrouperSystem subjects to act
# like a root user when viewing the registry.
# {valueType: "boolean", required: true}
groups.wheel.viewonly.use                      = true

# Set to the name of the group you want to treat as the viewonly wheel group.
# The members of this group will be treated as root-like users when viewing objects.
# {valueType: "group", required: true}                    = etc:administration:globalViewers

The etc:administration:globalViewers includes other groups to meet our target population.

The only drawback: it provides view privilege on the complete Grouper hierarchy (not on a specific stem). But this is acceptable in our context.

Le 25/03/2020 à 17:25, Hyzer, Chris a écrit :

In the set this: = false


and see if it does what you want.


Note, users will be able to see folders but not groups…    you want all users to be able to see all groups but not members?  Maybe make a group of people who can see everyone (add all your active people in there or from reference group), and assign an inherited priv on the root folder that says that group can VIEW all groups and attributes.  Then your active people can see things exist.  Note, I don’t really recommend using EveryEntity since you cant restrict that in future and it might not be what you really want.





From: On Behalf Of Olivier Salaün
Sent: Wednesday, March 25, 2020 11:49 AM
Subject: [grouper-users] How to define stem navigator privileges


After an upgrade from Grouper 2.2.2 => 2.4.0 we noticed a difference regarding stem navigation in th GUI.

With Grouper 2.2.2 any logged in user could navigate through the stems/groups. However he could not view group members, unless he was member of the group listed in properties. This behavior was suiteable for us.

With Grouper 2.4.0 (with parameters from 2.2.2 maintained) any logged in user can no more navigate through the stems/groups. Here is what he sees :


I went through the wiki, changelog and properties, but could not find a way to change this behavior.

Is this a known change from 2.2.2 to 2.4.0?

Is there a property to customize this behavior?


Thanks you

Olivier Salaün
DSI / pôle SI / équipe SNUM
Tel : 02 23 23 74 54
Olivier Salaün
DSI / pôle SI / équipe SNUM
Tel : 02 23 23 74 54

Archive powered by MHonArc 2.6.19.

Top of Page