Child pages
  • Useful sample Grouper scripts and queries
Skip to end of metadata
Go to start of metadata

Note: Carefully review and test all scripts in a test environment before running in prod.  You are liable for scripts that you run.

Assign group memberships and privileges like another user

If you want to add a user to all the groups another user is in, you can generate GSH scripts via SQL.  Note, this is an oracle script, for mysql you will need to change the || to "concat()".  Also, the pagesize and linesize settings are oracle specific.  You can omit or replace for other dbs.  This will work for 1.4 and 1.5

Group memberships (note, adjust "someExistingSubjectId", and "someNewSubjectId"):

set pagesize 10000
set linesize 1000

select 'addMember("' || gmv.GROUP_NAME || '", "someNewSubjectId", FieldFinder.find("' || gmv.LIST_NAME || '"));'  as command
from grouper_memberships_v gmv
where gmv.subject_id = 'someExistingSubjectId'
 AND gmv.membership_TYPE = 'immediate'
 and list_type = 'list';

Take the output of that, which looks like this:

addMember("test:stem:whatever:group", "someNewSubjectId", FieldFinder.find("members"));
addMember("school:hey:there:folder:group2", "someNewSubjectId", FieldFinder.find("members"));

Put that in a file called script.txt, and should put this at the top:   GrouperSession.startRootSession();

Then run like this: gsh.sh script.txt

For group privileges, adjust for subjectIds and run this query (again, for mysql, use concat instead of ||):

select 'grantPriv("' || gmv.GROUP_NAME || '", "someNewSubjectId", ' || gmv.list_name || ');'  as command
from grouper_memberships_v gmv
where gmv.subject_id = 'someExistingSubjectId'
 AND gmv.membership_TYPE = 'immediate'
 and list_type = 'access';

Put the output in a script file, and add these lines to the top:

GrouperSession.startRootSession();
readers = AccessPrivilege.READ;
updaters = AccessPrivilege.UPDATE;
admins = AccessPrivilege.ADMIN;
viewers = AccessPrivilege.VIEW;
optins = AccessPrivilege.OPTIN;
optouts = AccessPrivilege.OPTOUT;

grantPriv("test:stem:whatever:group1", "someNewSubjectId", viewers);
grantPriv("test:stem:whatever:group2", "someNewSubjectId", viewers);
grantPriv("test:stem:whatever:group3", "someNewSubjectId", readers);
grantPriv("test:stem:whatever:group4", "someNewSubjectId", viewers);

Run the script like this: gsh.sh script.txt

For stem privileges adjust for subjectIds and run this query (again, for mysql, use concat instead of ||):

select 'grantPriv("' || gmv.STEM_NAME || '", "someNewSubjectId", ' || gmv.list_name || ');'  as command
from grouper_memberships_v gmv
where gmv.subject_id = 'someExistingSubjectId'
 AND gmv.membership_TYPE = 'immediate'
 and list_type = 'naming';

Put the output in a script file, and add these lines to the top:

GrouperSession.startRootSession();

creators = NamingPrivilege.CREATE;
stemmers = NamingPrivilege.STEM;

grantPriv("test:stem:whatever:stem1", "someNewSubjectId", creators);
grantPriv("test:stem:whatever:stem2", "someNewSubjectId", creators);
grantPriv("test:stem:whatever:stem3", "someNewSubjectId", creators);

Run the script like this: gsh.sh script.txt

Delete an attribute by deleting all assignments of attribute

Note, the long for loop needs all text on one line.  This was run on Grouper 1.4

C:\mchyzer\isc\dev\grouper_v1_4\grouper\bin>gsh
Using GROUPER_HOME:           C:\mchyzer\isc\dev\grouper_v1_4\grouper\bin\..
Using GROUPER_CONF:           C:\mchyzer\isc\dev\grouper_v1_4\grouper\bin\../conf
Using JAVA:                   "c:\dev_inst\java/bin/java"
using MEMORY:                 64m-512m
...
Type help() for instructions
gsh 0% typeAdd("testType");
type: 'testType'
gsh 2% typeAddAttr("testType", "typeAttr", AccessPrivilege.READ, AccessPrivilege.ADMIN, false);
attribute: 'typeAttr'
gsh 3% groupAddType("test:test1", "testType")
true
gsh 5% setGroupAttr("test:test1", "typeAttr", "whatever")
true
gsh 7% groupAddType("test:test2", "testType")
true
gsh 9% setGroupAttr("test:test2", "typeAttr", "whatever2")
true
gsh 11% for(theGroup : GrouperDAOFactory.getFactory().getGroup().findAllByApproximateAttr("typeAttr", "%")) { System.out
.println(theGroup.getName()); theGroup.deleteAttribute("typeAttr");  }
test:test1
test:test2
gsh 12% typeDelField("testType", "typeAttr");
true

All groups that use groups as members

This will find all groups that use groups as members.  Useful for when you are deleting a stem and subgroups.  If the groups in the stem are used elsewhere, it will show the relationships (this works in grouper 1.4):

select group_parent.name parent_name, gf.NAME , group_member.NAME member_name
from grouper_groups_v group_parent, grouper_groups_v group_member, grouper_memberships gm, grouper_members gmember, grouper_fields gf
where group_parent.GROUP_ID = gm.OWNER_ID and gm.member_id = gmember.ID
and gmember.SUBJECT_ID = group_member.GROUP_ID
and group_member.NAME like 'penn:community:employee:orgs:%'
and gf.ID = gm.FIELD_ID;
  • No labels