Initializing Administration of Grouper Privileges
GrouperSystem is the root-like principal used to manage assignment of privileges in Grouper. In addition to GrouperSystem, externally authenticated members of the wheel group can choose when to act with root-like privileges.
If you've enabled the wheel group, you must create it and add members. GrouperShell acts as GrouperSystem and can bootstrap the necessary naming stem(s), group, and memberships.
Enabling the Wheel Group
The wheel group is enabled and named in conf/grouper.properties :
Automatically Creating the Wheel Group
To automatically create the wheel group :
Using GrouperShell to Create the Wheel Group
To create the wheel group using GrouperShell :
Adding Members to the Wheel Group
Whether you've set the wheel group to be automatically created, or you've used GrouperShell to create it, you'll need to add members to the wheel group. Once the wheel group is established, and things are working, the person designated as wheel can use the UI or use GrouperShell to manage other wheel members. Here is an example using GrouperShell:
In this example "SD00125" is the subjectId of a person, as determined outside of gsh by, in this case, an LDAP query to a directory that acts as a subject source to Grouper: