Date: Thu, 28 Mar 2024 23:01:45 +0000 (UTC) Message-ID: <107627399.7151.1711666905262@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_7150_799209048.1711666905260" ------=_Part_7150_799209048.1711666905260 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
This document lists instructions for people with existing groups= installations on how to upgrade to newer versions of grouper (or grouper r= elated products). If you notice something missing please let us know.= The instructions are in descending order based on date/release. = ; You will find instructions below for Grouper, Grouper-ws, Grouper-ui, etc= . It is assumed if you are running grouper-ui that you will perform b= oth the grouper upgrade notes, and the grouper-ui upgrade notes. It i= s understood that you will get the new source/javadoc/etc files, this docum= ent addresses configurations, jars, etc. Note that for major upgrades= , you should follow the upgrade steps. For= minor upgrades, that instructions should be sufficient.
&= lt;!-- if you are going to use the inclause attribute on the search to make the querie= s batchable when searching by id or identifier --> <init-param> <param-name>useInClauseFor= IdAndIdentifier</param-name> <param-value>true</para= m-value> </init-param> <!-- comma separate the identifiers for t= his row, this is for the findByIdentifiers if using an in clause --> <init-param> <param-name>identifierAttr= ibutes</param-name> <param-value>LOGINID</p= aram-value> </init-param> <search> <searchType>se= archSubject</searchType> <param> &n= bsp;<param-name>sql</param-name> &n= bsp;<param-value> select s.subjectid as id, s.name as name, (select sa2.value from subjectattribute sa2 where name= =3D'name' and sa2.SUBJECTID =3D s.subjectid) as lfname, (select sa3.value from subjectattribute sa3 where name= =3D'loginid' and sa3.SUBJECTID =3D s.subjectid) as loginid, (select sa4.value from subjectattribute sa4 where name= =3D'description' and sa4.SUBJECTID =3D s.subjectid) as description, (select sa5.value from subjectattribute sa5 where name= =3D'email' and sa5.SUBJECTID =3D s.subjectid) as email from subject s where {inclause} &l= t;/param-value> </param> <param> &n= bsp;<param-name>inclause</param-name> &n= bsp;<param-value> s.subjectid =3D ? &l= t;/param-value> </param> </search> <search> <searchType>se= archSubjectByIdentifier</searchType> <param> &n= bsp;<param-name>sql</param-name> &n= bsp;<param-value> select s.subjectid as id, s.name as name, (select sa2.value from subjectattribute sa2 where name= =3D'name' and sa2.SUBJECTID =3D s.subjectid) as lfname, (select sa3.value from subjectattribute sa3 where name= =3D'loginid' and sa3.SUBJECTID =3D s.subjectid) as loginid, (select sa4.value from subjectattribute sa4 where name= =3D'description' and sa4.SUBJECTID =3D s.subjectid) as description, (select sa5.value from subjectattribute sa5 where name= =3D'email' and sa5.SUBJECTID =3D s.subjectid) as email from subject s, subjectattribute a where a.name=3D'loginid' and s.subjectid =3D a.subjectid and {= inclause} &n= bsp;</param-value> </param> <param> &n= bsp;<param-name>inclause</param-name> &n= bsp;<param-value> a.value =3D ? &l= t;/param-value> </param> </search>
<= ;!-- on a findPage() this is the most results returned --> <init-param> <param-name>maxPageSize</param-name= > <param-value>100</param-value> </init-param>
#######= ############################ ## Subject settings ################################### # if finding across multiple threadable sources, use threads to do the work= faster subjects.allPage.useThreadForkJoin =3D false # if finding across multiple threadable sources, use threads to do the work= faster subjects.idOrIdentifier.useThreadForkJoin =3D false # if the creator and last updater should be group subject attributes (you g= et # a performance gain if you set to false, but if true you can see subject i= d from UI in 2.0 subjects.group.useCreatorAndModifierAsSubjectAttributes =3D true # if we should use a root session if one isnt started for subject lookups (= behavior in v2.0- subjects.startRootSessionIfOneIsntStarted =3D true
OLD: hibernate.cache.provider_class =3D org.hibernate.cache.EhCacheProvider
NEW: hibernate.cache.region.factory_class =3D net.sf.ehcache.hibernate.EhCacheRe= gionFactory
<s= ource adapterClass=3D"edu.internet2.middleware.grouper.GrouperSourceAdapter= "> <id>g:gsa</id> <name>Grouper: Group Source Adapter</name> <type>group</type> <init-param> <param-name>subjectVirtualAttribute_0_searchAttribute0</para= m-name> <param-value>${subject.getAttributeValue('name')},${subject.get= AttributeValue('displayName')},${subject.getAttributeValue('alternateName')= }</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>displayExtension</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <!-- on a findPage() this is the most results returned --> <init-param> <param-name>maxPageSize</param-name> <param-value>100</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute> </source>
<d= efaultCache maxElementsInMemory=3D"1000" eternal=3D"false" timeToIdleSeconds=3D"1" timeToLiveSeconds=3D"1" overflowToDisk=3D"false" /> <cache name=3D"net.sf.hibernate.cache.UpdateTimestampsCache" maxElementsInMemory=3D"5000" eternal=3D"true" overflowToDisk=3D"true" /> <cache name=3D"org.hibernate.cache.UpdateTimestampsCache" maxElementsInMemory=3D"5000" eternal=3D"true" overflowToDisk=3D"true" /> <cache name=3D"edu.internet2.middleware.grouper.pit.PITField" maxElementsInMemory=3D"1000" eternal=3D"false" timeToIdleSeconds=3D"30" timeToLiveSeconds=3D"120" overflowToDisk=3D"false" /> <cache name=3D"edu.internet2.middleware.grouper.internal.dao.hib3.Hib= 3PITFieldDAO.FindById" maxElementsInMemory=3D"1000" eternal=3D"false" timeToIdleSeconds=3D"30" timeToLiveSeconds=3D"120" overflowToDisk=3D"false" />
# root = stem in grouper where built in attributes are put grouper.attribute.rootStem =3D etc:attribute # if the attribute loader attributes, and other attributes should be autoco= nfigured (created, etc) grouper.attribute.loader.autoconfigure =3D true
#put th= e URL which will be used e.g. in emails to users. include the webappname a= t the end, and nothing after that. #e.g. https://server.school.edu/grouper/ grouper.ui.url =3D
# Searc= h and sort strings for internal users internalSubjects.searchAttribute0.el =3D ${subject.name},${subject.id} internalSubjects.sortAttribute0.el =3D ${subject.name} ... # By default, all users have access to sort using any of the sort strings i= n the member table and search using any of the search strings in the member= table. # You can restrict to wheel only or to a certain group. #security.member.sort.string0.allowOnlyGroup =3D etc:someGroup #security.member.sort.string1.allowOnlyGroup =3D etc:someGroup #security.member.sort.string2.wheelOnly =3D true #security.member.sort.string3.wheelOnly =3D true #security.member.sort.string4.wheelOnly =3D true #security.member.search.string0.allowOnlyGroup =3D etc:someGroup #security.member.search.string1.allowOnlyGroup =3D etc:someGroup #security.member.search.string2.wheelOnly =3D true #security.member.search.string3.wheelOnly =3D true #security.member.search.string4.wheelOnly =3D true ################################### ## Member sort and search ################################### # Attributes of members are kept in the grouper_members table to allow easy= sorting and searching (for instance when listing group members). # When performing a sort or search and an index is not specified, then a de= fault index will be used as configured below. The value is comma-separated= , # so that if the user does not have access to the first index, then next wi= ll be tried and so forth. # Note: all sources should have attributes configured for all default inde= xes. member.search.defaultIndexOrder=3D0 member.sort.defaultIndexOrder=3D0
#implem= ent an attribute def hook by extending edu.internet2.middleware.grouper.hoo= ks.AttributeDefHooks #hooks.attributeDef.class=3Dedu.yourSchool.it.YourSchoolAttributeDefHooks,e= du.yourSchool.it.YourSchoolAttributeDefHooks2 #implement an attribute def name hook by extending edu.internet2.middleware= .grouper.hooks.AttributeDefNameHooks #hooks.attributeDefName.class=3Dedu.yourSchool.it.YourSchoolAttributeDefNam= eHooks,edu.yourSchool.it.YourSchoolAttributeDefNameHooks2 #implement an attribute assign hook by extending edu.internet2.middleware.g= rouper.hooks.AttributeAssignHooks #hooks.attributeAssign.class=3Dedu.yourSchool.it.YourSchoolAttributeAssignH= ooks,edu.yourSchool.it.YourSchoolAttributeAssignHooks2 #implement an attribute assign hook by extending edu.internet2.middleware.g= rouper.hooks.AttributeAssignValueHooks #hooks.attributeAssignValue.class=3Dedu.yourSchool.it.YourSchoolAttributeAs= signValueHooks,edu.yourSchool.it.YourSchoolAttributeAssignValueHooks2 #implement an external subject hook by extending edu.internet2.middleware.g= rouper.hooks.ExternalSubjectHooks #hooks.externalSubject.class=3Dedu.yourSchool.it.YourSchoolExternalSubjectH= ooks
#######= ############################ ## Rules ################################### # Rules users who are in the following group can use the actAs field to act= as someone else # You can put multiple groups separated by commas. e.g. a:b:c, e:f:g # You can put a single entry as the group the calling user has to be in, an= d the grouper the actAs has to be in # separated by 4 colons # e.g. if the configured values is: a:b:c, e:f:d :::: r:e:w, x:e:w # then if the calling user is in a:b:c or x:e:w, then the actAs can be anyo= ne # if not, then if the calling user is in e:f:d, then the actAs must be in r= :e:w. If multiple rules, then # if one passes, then it is a success, if they all fail, then fail. rules.act.as.group =3D # any actAs subject in this group has access to more objects when the EL fi= res on # the IF or THEN EL clause rules.accessToApiInEl.group =3D # cache the decision to allow a user to actAs another, so it doesnt have to= be calculated each time # defaults to 30 minutes rules.act.as.cache.minutes =3D 30 # uuids (comma separated) of the attribute assign record which is the rule = type to the owner object # e.g. SELECT gaagv.attribute_assign_id FROM grouper_attr_asn_group_v gaagv= WHERE gaagv.attribute_def_name_name LIKE '%:rule' AND gaagv.group_name =3D= 'stem:a' # make sure log info level is set for RuleEngine # log4j.logger.edu.internet2.middleware.grouper.rules.RuleEngine =3D INFO rules.attributeAssignTypeIdsToLog =3D abc1234abc123, def456def345 # if this is true, then log a lot of info about why rules do or do not fire= ... only turn on temporarily # since it takes a lot of resources... note you need log DEBUG set for the= rules engine in log4j.properties too e.g. # log4j.logger.edu.internet2.middleware.grouper.rules =3D DEBUG rules.logWhyRulesDontFire =3D false # put in fully qualified classes to add to the EL context. Note that they = need a default constructor # comma separated. The alias will be the simple class name without a first= cap. # e.g. if the class is test.Test the alias is "test" rules.customElClasses =3D # If the CHECK, IF, and THEN are all exactly what is needed for managing in= herited stem privileges # Then allow an actAs GrouperSystem in source g:isa rules.allowActAsGrouperSystemForInheritedStemPrivileges =3D # If not blank, then keep email templates in this folder instead of classpa= th # If in classpath, it is classpath: grouperRulesEmailTemplates/someTemplate= .txt rules.emailTemplatesFolder =3D
# If tr= ue, when an immediate membership changes for a group (either a privilege or= a list member), # then an update will be made to the lastImmediateMembershipChange property= for the group. groups.updateLastImmediateMembershipTime =3D true
#leave = blank or false for no ssl, true for ssl #mail.smtp.ssl =3D #leave blank for default (probably 25), if ssl is true, default is 465, els= e specify #mail.smtp.port =3D #when running junit tests, this is the address that will be used #mail.test.address =3D a@b.c
# if th= e external subject tests should be included when running all tests, note yo= u need the jabber attribute in the view (default false) junit.test.externalSubjects =3D false # if the group sync should be tested... note you need the demo server avail= able to test this, or change some settings... junit.test.groupSync =3D false junit.test.groupSync.url =3D https://grouperdemo.internet2.edu/grouper-ws_v= 2_0_0/servicesRest junit.test.groupSync.user =3D remoteUser junit.test.groupSync.password =3D R:/pass/grouperDemoRemoteUser.pass #folder where the user can create/stem which the user can use to run tests junit.test.groupSync.folder =3D test2:whateverFolder #this is true unless testing to an older grouper which doesnt support this junit.test.groupSync.pushAddExternalSubjectIfNotExist =3D true junit.test.groupSync.createRemoteFolderIfNotExist =3D true junit.test.groupSync.remoteSourceId =3D grouperExternal junit.test.groupSync.remoteReadSubjectId =3D identifier junit.test.groupSync.remoteWriteSubjectId =3D identifier
#######= ############################## ## centrally managed permissions ##################################### # if the permissions limits should be readable and updatable by GrouperAll = (set when created)... grouper.permissions.limits.builtin.createAs.public =3D true # if the permissions limits should be readable and updatable by GrouperAll = (set when created)... grouper.permissions.limits.builtin.displayExtension.limitAmountLessThan =3D= amount less than grouper.permissions.limits.builtin.displayExtension.limitAmountLessThanOrEq= ual =3D amount less than or equal to grouper.permissions.limits.builtin.displayExtension.limitExpression =3D Exp= ression grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworkRealm = =3D ipAddress on network realm grouper.permissions.limits.builtin.displayExtension.limitIpOnNetworks =3D i= pAddress on networks grouper.permissions.limits.builtin.displayExtension.limitLabelsContain =3D = labels contains grouper.permissions.limits.builtin.displayExtension.limitWeekday9to5 =3D We= ekday 9 to 5 # el classes to add to the el context for a limitExpression. Comma-separat= ed fully qualified classnames grouper.permissions.limits.el.classes =3D # permission limits linked to subclasses of edu.internet2.middleware.groupe= r.permissions.limits.PermissionLimitBase #grouper.permissions.limits.logic.someName.limitName =3D #grouper.permissions.limits.logic.someName.logicClass =3D # if you are doing ip address limits, you can put realms here # grouper.permissions.limits.realm.someName =3D 1.2.3.4/24, 2.3.4.5/16
#######= ############################## ## External subjects ##################################### #manages the description of a user automatically externalSubjects.desc.el =3D [unverifiedInfo] ${grouperUtil.appendIfNotBlan= kString(externalSubject.name, ' - ', externalSubject.institution)} [externa= lUserID] ${externalSubject.identifier} #search and sort strings added to member objects externalSubjects.searchAttribute0.el =3D ${subject.name},${subjectUtils.def= aultIfBlank(subject.getAttributeValue("institution"), "")},${subjectUtils.d= efaultIfBlank(subject.getAttributeValue("identifier"), "")},${subject.id},$= {subjectUtils.defaultIfBlank(subject.getAttributeValue("email"), "")} externalSubjects.sortAttribute0.el =3D ${subject.name} externalSubjects.sortAttribute1.el =3D ${subjectUtils.defaultIfBlank(subjec= t.getAttributeValue("identifier"), "")} externalSubjects.sortAttribute2.el =3D ${subjectUtils.defaultIfBlank(subjec= t.getAttributeValue("institution"), "")} # false if the description should be managed via EL (config above) externalSubjects.desc.manual =3D false # quartz cron where subjects are recalculated if necessary (empty means don= t run), e.g. everyday at 3am externalSubjects.calc.fields.cron =3D 0 0 3 * * ? externalSubjects.name.required =3D true externalSubjects.email.required =3D false externalSubjects.email.enabled =3D true # these field names (uuid, institution, identifier, uuid, email, name) or a= ttribute names # will be toLowered, and appended with comma separators. e.g. if you add a= ttributes, add them here too externalSubjects.searchStringFields =3D name, institution, identifier, uuid= , email externalSubjects.institution.required =3D false externalSubjects.institution.enabled =3D true # note, this must be only alphanumeric lower case or underscore # (valid db column name, subject attribute name) #externalSubjects.attributes.jabber.systemName =3D jabber #externalSubjects.attributes.jabber.required =3D false # comment on column in DB (no special characters allowed) #externalSubjects.attributes.jabber.comment =3D The jabber ID of the user # if wheel or root can edit external users externalSubjects.wheelOrRootCanEdit =3D true # group which is allowed to edit external users externalSubjects.groupAllowedForEdit =3D # if the view on the external subjects should be created. # turn this off if it doesnt compile, othrewise should be fine externalSubjects.createView =3D true #name of external subject source, defaults to grouperExternal externalSubject.sourceId =3D grouperExternal externalSubject.sourceName =3D External Users # grouper can auto create a jdbc2 source for the external subjects externalSubjects.autoCreateSource =3D false # put in fully qualified classes to add to the EL context. Note that they = need a default constructor # comma separated. The alias will be the simple class name without a first= cap. # e.g. if the class is test.Test the alias is "test" externalSubjects.customElClasses =3D # change these to affect the storage where external subjects live (e.g. to = store in ldap), # must implement each respective storable interface externalSubjects.storage.ExternalSubjectStorable.class =3D edu.internet2.mi= ddleware.grouper.externalSubjects.ExternalSubjectDbStorage externalSubjects.storage.ExternalSubjectAttributeStorable.class =3D edu.int= ernet2.middleware.grouper.externalSubjects.ExternalSubjectAttributeDbStorag= e # you can use the variables $newline$, $inviteLink$. Note, you need to cha= nge this default message... externalSubjectsInviteDefaultEmail =3D Hello,$newline$$newline$This is an i= nvitation to register at our site to be able to access our applications. T= his invitation expires in 7 days. Click on the link below and sign in with= your InCommon credentials. If you do not have InCommon credentials you ca= n register at a site like protectnetwork.org and use those credentials.$new= line$$newline$$inviteLink$$newline$$newline$Regards. # default subject for email externalSubjectsInviteDefaultEmailSubject =3D Register to access applicatio= ns # you can use the variables $newline$, $inviteeIdentifier$, $inviteeEmailAd= dress$. Note, you need to change this default message... externalSubjectsNotifyInviterEmail =3D Hello,$newline$$newline$This is a no= tification that user $inviteeIdentifier$ from email address $inviteeEmailAd= dress$ has registered with the identity management service. They can now u= se applications at this institution.$newline$$newline$Regards. externalSubjectsNotifyInviterSubject =3D $inviteeIdentifier$ has registered # numner of days after which this request will expire. If -1, then will no= t expire externalSubjectsInviteExpireAfterDays =3D 7 #put some group names comma separated for groups to auto add subjects to externalSubjects.autoaddGroups=3D #should be insert, or update, or insert,update externalSubjects.autoaddGroupActions=3Dinsert,update #if a number is here, expire the group assignment after a certain number of= days externalSubjects.autoaddGroupExpireAfterDays=3D # add multiple group assignment actions by URL param: externalSubjectInvite= Name #externalSubjects.autoadd.testingLibrary.externalSubjectInviteName=3Dlibrar= y # comma separated groups to add for this type of invite #externalSubjects.autoadd.testingLibrary.groups=3D # should be insert, update, or insert,update #externalSubjects.autoadd.testingLibrary.actions=3Dinsert,update # should be insert, update, or insert,update #externalSubjects.autoadd.testingLibrary.expireAfterDays=3D #if registrations are only allowed if invited or existing... externalSubjects.registerRequiresInvite=3Dtrue #make sure the identifier when logging in is like an email address or eppn,= e.g. username@school.edu externalSubjects.validateIndentiferLikeEmail=3Dtrue #put regexes here, increment the 0 for multiple entries, e.g. restrict your= own institution #note, the extensions must be sequential (dont skip), regex e.g. ^.*@myscho= ol\\.edu$ externalSubjects.regexForInvalidIdentifier.0=3D
#######= ############################### ## Grouper client connections ## if this grouper needs to talk to another grouper, this is the client con= nection information ###################################### # id of the source, should match the part in the property name #grouperClient.someOtherSchool.id =3D someOtherSchool # url of web service, should include everything up to the first resource to= access # e.g. https://groups.school.edu/grouperWs/servicesRest #grouperClient.someOtherSchool.properties.grouperClient.webService.url =3D = https://some.other.school.edu/grouperWs/servicesRest # login ID #grouperClient.someOtherSchool.properties.grouperClient.webService.login = =3D someRemoteLogin # password for shared secret authentication to web service # or you can put a filename with an encrypted password #grouperClient.someOtherSchool.properties.grouperClient.webService.password= =3D ********* # client version should match or be related to the server on the other end.= .. #grouperClient.someOtherSchool.properties.grouperClient.webService.client.v= ersion =3D v2_0_000 # this is the subject to act as local, if blank, act as GrouperSystem, spec= ify with SubjectFinder packed string, e.g. # subjectIdOrIdentifier or sourceId::::subjectId or ::::subjectId or = sourceId::::::subjectIdentifier or ::::::subjectIdentifier # sourceId::::::::subjectIdOrIdentifier or ::::::::subjectIdOrIdentifier #grouperClient.someOtherSchool.localActAsSubject =3D # the id of this source, generally the same as the name in the property nam= e. This is mandatory #grouperClient.someOtherSchool.source.jdbc.id =3D jdbc # the part between "grouperClient.someOtherSchool.source." and ".id" links = up the configs, # in this case, "jdbc", make sure it has no special chars. sourceId can be= blank if you dont want to specify #grouperClient.someOtherSchool.source.jdbc.local.sourceId =3D jdbc # this is the identifier that goes between them, it is "id" or an attribute= name. subjects without this attribute will not be processed #grouperClient.someOtherSchool.source.jdbc.local.read.subjectId =3D identif= ier # this is the identifier to lookup to add a subject, should be "id" or "ide= ntifier" or "idOrIdentifier" #grouperClient.someOtherSchool.source.jdbc.local.write.subjectId =3D identi= fier # sourceId of the remote system, can be blank #grouperClient.someOtherSchool.source.jdbc.remote.sourceId =3D jdbc # this is the identifier that goes between them, it is "id" or an attribute= name. subjects without this attribute will not be processed #grouperClient.someOtherSchool.source.jdbc.remote.read.subjectId =3D # this is the identifier to lookup to add a subject, should be "id" or "ide= ntifier" or "idOrIdentifier" #grouperClient.someOtherSchool.source.jdbc.remote.write.subjectId =3D ###################################### ## Sync to/from another grouper ## Only sync one group to one other group, do not sync one group to ## two report groupers. If you need to do this, add the group to another g= roup ###################################### # we need to know where our # connection name in grouper client connections above #syncAnotherGrouper.testGroup0.connectionName =3D someOtherSchool # incremental or push or pull or incremental_push. Note, incrementa= l push is cron'ed and incremental (to make sure no discrepancies arise) #syncAnotherGrouper.testGroup0.syncType =3D incremental_push # quartz cron to schedule the pull or push (incremental is automatic as ev= ents happen) (e.g. 5am daily) #syncAnotherGrouper.testGroup0.cron =3D 0 0 5 * * ? # local group which is being synced #syncAnotherGrouper.testGroup0.local.groupName =3D test:testGroup # remote group at another grouper which is being synced #syncAnotherGrouper.testGroup0.remote.groupName =3D test2:testGroup2 # if subjects are external and should be created if not exist #syncAnotherGrouper.testGroup0.addExternalSubjectIfNotFound =3D true
create = table change_log_entry_temp as select * from grouper_change_log_entry gcle = where gcle.SEQUENCE_NUMBER > 2500000; truncate table grouper_change_log_entry; insert into grouper_change_log_entry (select * from change_log_entry_temp); commit; analyze table grouper_change_log_entry compute statistics; drop table change_log_entry_temp;
# numbe= r of days to retain db rows in grouper_change_log_entry. -1 is forever. d= efault is 14 loader.retain.db.change_log_entry.days=3D14
# Shoul= d the change log include flattened memberships? changeLog.includeFlattenedMemberships =3D true # Should the change log include flattened privileges? changeLog.includeFlattenedPrivileges =3D true # Should the change log include flattened permissions? changeLog.includeFlattenedPermissions =3D true
#rules = consumer, needed for some of the Grouper rule types to run (e.g. flattenedM= embershipRemove, flattenedMembershipAdd) changeLog.consumer.grouperRules.class =3D edu.internet2.middleware.grouper.= changeLog.esb.consumer.RuleConsumer changeLog.consumer.grouperRules.quartzCron =3D #consumer for syncing groups to other groupers changeLog.consumer.syncGroups.class =3D edu.internet2.middleware.grouper.cl= ient.GroupSyncConsumer changeLog.consumer.syncGroups.quartzCron =3D
#######= ############################ ## Rules config ################################### # when the rules validations and daemons run. Leave blank to not run rules.quartz.cron =3D 0 0 7 * * ?
#######= ############################## ## ESB integration ##################################### #changeLog.consumer.xmppTest.quartzCron =3D #changeLog.consumer.xmppTest.class =3D edu.internet2.middleware.grouper.cha= ngeLog.esb.consumer.EsbConsumer #changeLog.consumer.xmppTest.elfilter =3D event.eventType eq 'GROUP_DELETE'= || event.eventType eq 'GROUP_ADD' || event.eventType eq 'MEMBERSHIP_DELETE= ' || event.eventType eq 'MEMBERSHIP_ADD' #changeLog.consumer.xmppTest.publisher.class =3D edu.internet2.middleware.g= rouper.changeLog.esb.consumer.EsbXmppPublisher #changeLog.consumer.xmppTest.publisher.server =3D jabber.school.edu #changeLog.consumer.xmppTest.publisher.port =3D 5222 #changeLog.consumer.xmppTest.publisher.username =3D jabberuser #changeLog.consumer.xmppTest.publisher.password =3D /home/whatever/pass/jab= beruserEncrypted.pass #changeLog.consumer.xmppTest.publisher.recipient =3D system1@school.edu #changeLog.consumer.xmppTest.publisher.addSubjectAttributes =3D NETID
## Grou= per Sync Point in Time Tables log4j.logger.edu.internet2.middleware.grouper.misc.SyncPITTables =3D INFO= , grouper_event ## Grouper Sync Flat Tables #####log4j.logger.edu.internet2.middleware.grouper.misc.SyncFlatTables = =3D INFO, grouper_event
<!= -- You can flag a source as not throwing exception on a findAll (general = search) i.e. if it is ok if it is down. Generally you probably won't want to do this. It d= efaults to true if omitted. <init-param> <param-name>throwErrorOnFindAllFailure</param-name> <param-value>false</param-value> </init-param> -->
<= ;init-param> <param-name>subjectVirtualAttribute_0_searchAttribute0</para= m-name> <param-value>${subject.getAttributeValue('name')},${subject.get= AttributeValue('displayName')},${subject.getAttributeValue('alternateName')= }</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>name</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute>
&l= t;init-param> <param-name>subjectVirtualAttribute_0_searchAttribute0</par= am-name> <param-value>${subject.name},${subjectUtils.defaultIfBlank(sub= ject.getAttributeValue('LFNAME'), "")},${subjectUtils.defaultIfBlank(subjec= t.getAttributeValue('LOGINID'), "")},${subjectUtils.defaultIfBlank(subject.= description, "")},${subjectUtils.defaultIfBlank(subject.getAttributeValue('= EMAIL'), "")}</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>LFNAME</param-value> </init-param> <init-param> <param-name>sortAttribute1</param-name> <param-value>LOGINID</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute>
&l= t;init-param> <param-name>subjectAttributeCol1</param-name> <param-value>description_lower</param-value> </init-param> <init-param> <param-name>subjectAttributeName1</param-name> <param-value>searchAttribute0</param-value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>description</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute>
<= ;init-param> <param-name>subjectVirtualAttribute_0_searchAttribute0</para= m-name> <param-value>${subjectUtils.defaultIfBlank(subject.getAttribute= ValueOrCommaSeparated('uid'), "")},${subjectUtils.defaultIfBlank(subject.ge= tAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(s= ubject.getAttributeValueOrCommaSeparated('exampleEduRegId'), "")}</param= -value> </init-param> <init-param> <param-name>sortAttribute0</param-name> <param-value>cn</param-value> </init-param> <init-param> <param-name>searchAttribute0</param-name> <param-value>searchAttribute0</param-value> </init-param> <internal-attribute>searchAttribute0</internal-attribute> ///Attributes you would like to display when doing a search <attribute>cn</attribute> <attribute>sn</attribute> <attribute>uid</attribute> <attribute>department</attribute> <attribute>exampleEduRegId</attribute>
&l= t;!-- if more than this many results are returned, then throw a too many su= bjects exception -->^M <init-param> <param-name>maxResults</param-name> <param-value>1000</param-value> </init-param>
# If we= should remove paging from subject search since we cant *really* page throu= gh all subjects, # you would just be paging through the first part of the first page. = IF you set this to true # then you might want to bump up the default pagesize... pager.removeFromSubjectSearch=3Dfalse
#max su= bjects in drop down simpleMembershipUpdate.subjectComboboxResultSize=3D250
# You m= ay specify a logo for your organisation and for Grouper. Off-the-shelf # your organisation logo appears on the left of the header and the Grouper = logo # appears on the right. Typically you would make the logos the same height. image.organisation-logo=3DgrouperExternal/public/assets/images/organisation= -logo.gif image.grouper-logo=3DgrouperExternal/public/assets/images/grouper.gif
menu.or= der=3DMyGroups ManageGroups CreateGroups JoinGroups AllGroups SearchSubject= s SavedStems SavedGroups SavedSubjects GroupTypes LiteUi Help
# If yo= u are a wheel group member determines if you default to 'act as admin' view act-as-admin.default=3Dtrue
#users = must be in this group to invite external users to grouper require.group.for.inviteExternalSubjects.logins=3D #users must be in this group to assign/create/etc attributes in the UI (new= attribute framework) require.group.for.attributeUpdateLite.logins=3D
#### Me= mber sorting and searching # Whether to enable member sorting using sort attributes stored in Grouper. member.sort.enabled=3Dtrue # Whether to use default sorting only and not allow users to specify which = sort attribute to use. member.sort.defaultOnly=3Dfalse # Whether to enable member searching using search attributes stored in Grou= per. member.search.enabled=3Dtrue
### Mis= c # give more info about what is not serializable in the session debugSessionSerialization =3D false
grouper= Ui.subjectImg.sourceId.4 =3D grouperExternal grouperUi.subjectImg.image.4 =3D user_red.png grouperUi.subjectImg.screenEl.4 =3D ${subject.description} #this source doesnt really exist, but it is the image for roles as opposed = to groups grouperUi.subjectImg.sourceId.5 =3D g:rsa grouperUi.subjectImg.image.5 =3D group_key.png grouperUi.subjectImg.screenEl.5 =3D ${grouperUiUtils.convertSubjectToLabel(= subject)}
#######= ############################ ## Internationalization ################################### # this should be true unless troubleshooting... convertInputToUtf8 =3D true
#######= ########################### ## External subjects invitation ################################## # if the registration screen is enabled externalMembers.enabledRegistration =3D false #if admins should be emailed after each action, put comma separated address= es here externalMembers.emailAdminsAddressesAfterActions =3D #if you want to allow users to delete their record externalMembers.allowSelfDelete =3D false ################################## ## Invite external members ################################## inviteExternalMembers.groupComboboxResultSize =3D 200 # if the wheel group is allowed to be invited inviteExternalMembers.allowWheelInInvite =3D false # if the invitation screen is enabled inviteExternalMembers.enableInvitation =3D false #if link from admin UI inviteExternalPeople.link-from-admin-ui =3D false #if link from lite UI inviteExternalPeople.link-from-lite-ui =3D false #if admins should be emailed after each action, put comma separated address= es here inviteExternalMembers.emailAdminsAddressesAfterActions =3D #if we should allow invite by identifier inviteExternalMembers.allowInviteByIdentifier =3D false ################################### ## Simple permission update ################################### #max size for combobox when filtering attribute defs for permissions simplePermissionUpdate.attributeDefComboboxResultSize =3D 200 #max size for combobox when filtering permission resources simplePermissionUpdate.permissionResourceComboboxResultSize =3D 200 #max users in combobox when filtering simplePermissionUpdate.subjectComboboxResultSize =3D 50 #number of rows to repeat headers on permissions screen simplePermissionUpdate.repeatPermissionHeaderAfterRows =3D 20 #max chars in subject listing in permissions screen simplePermissionUpdate.maxOwnerSubjectChars =3D 50 ################################### ## Simple attribute update ################################### #max size for combobox when filtering attribute defs to edit simpleAttributeUpdate.attributeDefComboboxResultSize =3D 200 #repeat the header of which privilege is which every X rows simpleAttributeUpdate.repeatPrivilegeHeaderAfterRows =3D 20 #max size for combobox when filtering privilege users to add simpleAttributeUpdate.attributeDefPrivilegeUserComboboxResultSize =3D 200 #max size for combobox for search for members in assignment simpleAttributeUpdate.memberComboboxResultSize =3D 200 #when showing assignments, this is the max number of chars before ellipses,= -1 for no ellipses simpleAttributeUpdate.maxOwnerSubjectChars =3D 50 ################################### ## Simple attribute name ################################### #max size for combobox when filtering attribute def names to edit simpleAttributeNameUpdate.attributeDefNameComboboxResultSize =3D 200 ################################### ## Groups ################################### #max size for combobox when filtering groups to edit simpleGroupUpdate.groupComboboxResultSize =3D 200 #max size for entity drop down in group privilege screen simpleGroupUpdate.groupPrivilegeUserComboboxResultSize =3D 200 ################################### ## Directed graphs ################################### directedGraph.width =3D 1000 directedGraph.height =3D 600
member.= sort.string0=3DName member.sort.string1=3DLogin Id member.sort.change-sort-attribute=3DChange sort attribute member.search.filter-members-hint=3DEnter search text to find members in th= e list: member.search.filter-label=3DSearching for member: member.search.search-members=3DSearch for members member.search.filter-clear=3DClear member search
150c150 < ws.testing.version=3Dv2_0_000 --- > ws.testing.version=3Dv1_6_003
Subject attributes are not case sensitive anymore. If implement yo= ur own source, and you do not extend SubjectImpl and BaseSourceAdaptor, the= n you need to make the following changes: all the Subject attribute methods= are case-insensitive, you should use the SubjectCaseInsensitiveMap for att= ributes. The source attribute names should be toLowerCase, you should= use the SubjectCaseInsensitiveSet for the Source attribute names.
# pre g= rouper 2.0, the client encrypted passwords differently than the server. No= w that the client is part of the server, # there are more reasons to be consistent. Change to false for pre-2.0 pas= sword encryption behavior encrypt.encryptLikeServer =3D true
webServ= ice.getPermissionAssignments.output =3D Index: ${index}: permissionType: ${= wsPermissionAssign.permissionType}, role: ${wsPermissionAssign.roleName}, s= ubject: ${wsPermissionAssign.sourceId} - ${wsPermissionAssign.subjectId}, a= ttributeDefNameName: ${wsPermissionAssign.attributeDefNameName}, action: ${= wsPermissionAssign.action}, allowedOverall: ${wsPermissionAssign.allowedOve= rall}, enabled: ${wsPermissionAssign.enabled}$newline$ webService.assignPermissions.output =3D Index: ${index}: permissionType: ${= permissionType}, owner: ${ownerName}, permissionDefNameName: ${wsAttributeD= efName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, disal= lowed: ${wsAttributeAssign.disallowed}, enabled: ${wsAttributeAssign.enable= d}, attributeAssignId: ${wsAttributeAssign.id}, changed: ${wsAssignPermissi= onResult.changed}, deleted: ${wsAssignPermissionResult.deleted}$newline$
grouper= Client.output.version =3D 2.0.0 ... grouperClient.webService.client.version =3D v2_0_000
## http= s://spaces.at.internet2.edu/display/Grouper/Grouper+XMPP+notifications+v1.6= .0
java = -jar grouperClient.jar --operation=3DaddMemberWs [--groupName=3Da:b:c] [--g= roupUuid=3D123abc] [--subjectIds=3DsubjId0,subjId1] [--subjectIdentifiers= =3DsubjIdent0,subjIdent1] [--subjectSources=3Dsource0,source1] [--subjectId= sFile=3DfileName] [--subjectIdentifiersFile=3DfileName] [--subjectSourcesFi= le=3DfileName] [--defaultSubjectSource=3DsubjectSourceId] [--fieldName=3Dfi= eldNameToAdd] [--txType=3DGcTransactionType] [--includeGroupDetail=3Dtrue|f= alse] [--includeSubjectDetail=3Dtrue|false] [--subjectAttributeNames=3Dname= 0,name1] [--replaceAllExisting=3Dtrue|false] [--disabledTime=3Dyyyy/mm/dd h= h:mi:ss] [--enabledTime=3Dyyyy/mm/dd hh:mi:ss] [--addExternalSubjectIfNotFo= und=3Dtrue|false] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3Ds= ubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3DfileName] = [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramValue0=3Dva= lue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [--debu= g=3Dtrue] [--clientVersion=3DsomeVersion] java -jar grouperClient.jar --operation=3DgetMembersWs [--groupNames=3Da:= b:c,a:b:d] [--groupUuids=3D1234,abcd] [--fieldName=3DfieldNameToAdd] [--mem= berFilter=3DAll|Immediate|NonImmediate|Effective|Composite] [--sourceIds=3D= sourceId1,sourceId2] [--includeGroupDetail=3Dtrue|false] [--includeSubjectD= etail=3Dtrue|false] [--subjectAttributeNames=3Dname0,name1] [--actAsSubject= Id=3DsubjId] [--actAsSubjectIdentifier=3DsubjIdent] [--actAsSubjectSource= =3Dsource] [--saveResultsToFile=3DfileName] [--outputTemplate=3DsomePattern= ] [--paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamN= ame] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3Dso= meVersion] [--pointInTimeFrom=3Dyyyy/mm/dd hh:mi:ss] [--pointInTimeTo=3Dyyy= y/mm/dd hh:mi:ss] java -jar grouperClient.jar --operation=3DhasMemberWs [--groupName=3Da:b:= c] [groupUuid=3D123abc] [--subjectIds=3DsubjId0,subjId1] [--subjectIdentifi= ers=3DsubjIdent0,subjIdent1] [--subjectSources=3Dsource0,source1] [--subjec= tIdsFile=3DfileName] [--subjectIdentifiersFile=3DfileName] [--subjectSource= sFile=3DfileName] [--defaultSubjectSource=3DsubjectSourceId] [--fieldName= =3DfieldNameToAdd] [--memberFilter=3DGcMemberFilter] [--includeGroupDetail= =3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--subjectAttributeNam= es=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3Ds= ubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3DfileName] = [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramValue0=3Dva= lue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [--debu= g=3Dtrue] [--clientVersion=3DsomeVersion] [--pointInTimeFrom=3Dyyyy/mm/dd h= h:mi:ss] [--pointInTimeTo=3Dyyyy/mm/dd hh:mi:ss] java -jar grouperClient.jar --operation=3DgetGroupsWs [--subjectIds=3Dsub= jId0,subjId1] [--subjectIdentifiers=3DsubjIdent0,subjIdent1] [--subjectSour= ces=3Dsource0,source1] [--subjectIdsFile=3DfileName] [--subjectIdentifiersF= ile=3DfileName] [--subjectSourcesFile=3DfileName] [--defaultSubjectSource= =3DsubjectSourceId] [--memberFilter=3DGcMemberFilter] [--includeGroupDetail= =3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--subjectAttributeNam= es=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3Ds= ubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3DfileName] = [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramValue0=3Dva= lue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [--debu= g=3Dtrue] [--clientVersion=3DsomeVersion] [--scope=3Dsome:folder:] [--stemN= ame=3DstemNameToSearchIn] [--stemUuid=3DstemUuidToSearchIn] [--stemScope=3D= ONE_LEVEL|ALL_IN_SUBTREE] [--enabled=3DA|T|F] [--pageSize=3D100] [--pageNum= ber=3D1] [--sortString=3DdisplayName] [--ascending=3Dtrue|false] [--fieldNa= me=3Dmembers] [--pointInTimeFrom=3Dyyyy/mm/dd hh:mi:ss] [--pointInTimeTo=3D= yyyy/mm/dd hh:mi:ss] java -jar grouperClient.jar --operation=3DgroupSaveWs --name=3Da:b:c [--i= ncludeGroupDetail=3Dtrue] [--txType=3DtransactionType] [--saveMode=3DSaveMo= de] [--groupLookupName=3Da:b:c] [--groupLookupUuid=3Dsd87f-dsf87-sdf89-df78= f] [--description=3DtheDescription] [--displayExtension=3DtheDisplayExtensi= on] [--createParentStemsIfNotExist=3Dtrue|false] [--attributeName0=3DsomeNa= me] [--attributeValue0=3DsomeValue] [--attributeNameX=3DxthName] [--attribu= teValueX=3DxthValue] [--compositeType=3DCOMPLEMENT|INTERSECTION|UNION] [--l= eftGroupName=3DcompositeLeft] [--rightGroupName=3DcompositeRight] [--groupD= etailParamName0=3DparamName] [--groupDetailParamValue0=3DparamValue] [--gro= upDetailParamNameX=3DxthName] [--groupDetailParamNameX=3DxthValue] [--typeN= ames=3DnamesOfGroupTypes] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdent= ifier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3Df= ileName] [--outputTemplate=3DsomePattern] [--paramName0=3Dname0] [--paramVa= lue0=3Dvalue1] [--paramNameX=3DxthParamName] [--paramValueX=3DxthParamValue= ] [--debug=3Dtrue] [--clientVersion=3DsomeVersion] java -jar grouperClient.jar --operation=3DstemSaveWs --name=3DgroupName [= --txType=3DtransactionType] [--saveMode=3DSaveMode] [--stemLookupName=3Dthe= Name] [--stemLookupUuid=3DtheUuid] [--description=3DtheDescription] [--disp= layExtension=3DtheDisplayExtension] [--createParentStemsIfNotExist=3Dtrue|f= alse] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3DsubjIdent] [-= -actAsSubjectSource=3Dsource] [--saveResultsToFile=3DfileName] [--outputTem= plate=3DsomePattern] [--paramName0=3Dname0] [--paramValue0=3Dvalue1] [--par= amNameX=3DxthParamName] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [-= -clientVersion=3DsomeVersion] java -jar grouperClient.jar --operation=3DgetAttributeAssignmentsWs --att= ributeAssignType=3Dgroup|member|stem|any_mem|imm_mem|attr_def [--includeAss= ignmentsOnAssignments=3Dtrue|false] [--attributeDefNames=3Da:b,b:c] [--attr= ibuteDefUuids=3D1a,2b] [--attributeDefNameNames=3Da:b,b:c] [--attributeDefN= ameUuids=3D1a,2b] [--ownerAttributeDefNames=3Da:b,b:c] [--ownerAttributeDef= Uuids=3D1a,2b] [--ownerGroupNames=3Da:b:c,a:b:d] [--ownerGroupUuids=3D1234,= abcd] [--owner0SubjectId=3DsubjId0] [--owner0SubjectIdentifier=3DsubjIdent0= ] [--owner0SubjectSource=3Dsource0] [--ownerMembershipUuids=3Dabc,bcd] [--o= wnerStemNames=3Da:b,b:c] [--ownerStemUuids=3D1a,2b] [--ownerMembershipAny0S= ubjectId=3D12] [--ownerMembershipAny0SubjectIdentifier=3Dab] [--ownerMember= shipAny0SourceId=3Dxyz] [--ownerMembershipAny0GroupName=3D3c] [--ownerMembe= rshipAny0GroupUuid=3D1a] [--attributeAssignUuids=3Da:b,b:c] [--enabled=3DA|= T|F] [--actions=3Dread,write] [--includeGroupDetail=3Dtrue|false] [--includ= eSubjectDetail=3Dtrue|false] [--subjectAttributeNames=3Dname0,name1] [--act= AsSubjectId=3DsubjId] [--actAsSubjectIdentifier=3DsubjIdent] [--actAsSubjec= tSource=3Dsource] [--saveResultsToFile=3DfileName] [--outputTemplate=3Dsome= Pattern] [--paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3Dxt= hParamName] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersi= on=3DsomeVersion] java -jar grouperClient.jar --operation=3DgetPermissionAssignmentsWs [--i= ncludeAttributeAssignments=3Dtrue|false] [--includeAssignmentsOnAssignments= =3Dtrue|false] [--includeAttributeDefNames=3Dtrue|false] [--includePermissi= onAssignDetail=3Dtrue|false] [--attributeDefNames=3Da:b,b:c] [--attributeDe= fUuids=3D1a,2b] [--attributeDefNameNames=3Da:b,b:c] [--attributeDefNameUuid= s=3D1a,2b] [--roleNames=3Da:b:c,a:b:d] [--roleUuids=3D1234,abcd] [--subject= 0SubjectId=3DsubjId0] [--subject0SubjectIdentifier=3DsubjIdent0] [--subject= 0SubjectSource=3Dsource0] [--enabled=3DA|T|F] [--actions=3Dread,write] [--i= ncludeGroupDetail=3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--su= bjectAttributeNames=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSubj= ectIdentifier=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--pointInTimeFr= om=3Dyyyy/mm/dd hh:mi:ss] [--pointInTimeTo=3Dyyyy/mm/dd hh:mi:ss] [--immedi= ateOnly=3DT|F] [--permissionType=3Drole_subject|role] [--permissionProcesso= r=3DFILTER_REDUNDANT_PERMISSIONS|FILTER_REDUNDANT_PERMISSIONS_AND_PROCESS_L= IMITS|FILTER_REDUNDANT_PERMISSIONS_AND_ROLES|FILTER_REDUNDANT_PERMISSIONS_A= ND_ROLES_AND_PROCESS_LIMITS|PROCESS_LIMITS] [--limitEnvVarName0=3Dname0] [-= -limitEnvVarValue0=3Dvalue0] [--limitEnvVarType0=3Dinteger|decimal|date|tim= estamp|text|boolean|null|emptyString] [--limitEnvVarNameX=3DxthName] [--lim= itEnvVarValueX=3DxthValue] [--limitEnvVarTypeX=3DxthType] [--includeLimits= =3DT|F] [--saveResultsToFile=3DfileName] [--outputTemplate=3DsomePattern] [= --paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParamName= ] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3DsomeV= ersion] e.g.: java -jar grouperClient.jar --operation=3DgetPermissionAssignmentsW= s --permissionType=3Drole_subject --attributeDefNames=3Dtest:testAttributeA= ssignDefNameDef output line: Index: 0: permissionType: role_subject, role: test:someRole,= subject: 123456, attributeDefNameName: test:testPermission, action: assign= , allowedOverall: T, enabled: T java -jar grouperClient.jar --operation=3DassignPermissionsWs --permissio= nType=3Drole|role_subject --permissionAssignOperation=3Dassign_permission|r= emove_permission|replace_permissions [--permissionDefNameNames=3Da:b,b:c] [= -permissionDefNameUuids=3D1a,2b] [--roleNames=3Da:b:c,a:b:d] [--roleUuids= =3D1234,abcd] [--subjectRole0SubjectId=3D12] [--subjectRole0SubjectIdentifi= er=3Dab] [--subjectRole0SourceId=3Dxyz] [--subjectRole0RoleName=3D3c] [--su= bjectRole0RoleUuid=3D1a] [--attributeAssignUuids=3Da:b,b:c] [--actions=3Dre= ad,write] [--disallowed=3Dtrue|false] [--assignmentDisabledTime=3D2010/03/0= 5_17:05:13.123] [--assignmentEnabledTime=3D2010/03/05_17:05:13.123] [--assi= gnmentNotes=3DsomeNotes] [--delegatable=3DTRUE|FALSE|GRANT] [--includeGroup= Detail=3Dtrue|false] [--includeSubjectDetail=3Dtrue|false] [--subjectAttrib= uteNames=3Dname0,name1] [--actAsSubjectId=3DsubjId] [--actAsSubjectIdentifi= er=3DsubjIdent] [--actAsSubjectSource=3Dsource] [--saveResultsToFile=3Dfile= Name] [--outputTemplate=3DsomePattern] [--attributeDefNamesToReplace=3Da:b,= b:c] [--attributeDefUuidsToReplace=3D1a,2b] [--actionsToReplace=3Dread,writ= e] [--paramName0=3Dname0] [--paramValue0=3Dvalue1] [--paramNameX=3DxthParam= Name] [--paramValueX=3DxthParamValue] [--debug=3Dtrue] [--clientVersion=3Ds= omeVersion] output line: Index: 0: permissionType: role, owner: a:b:c, permissionDefN= ameName: test:testAttributeAssignDefName, action: assign, disallowed: T, en= abled: T, attributeAssignId: a9c83eeb78c04ae5befcea36272d318c, changed: T, = deleted: F