Note: Carefully review and test all scripts in a test environment before running in prod. You are liable for scripts that you run.
Assign group memberships and privileges like another user
If you want to add a user to all the groups another user is in, you can generate GSH scripts via SQL. Note, this is an oracle script, for mysql you will need to change the || to "concat()". Also, the pagesize and linesize settings are oracle specific. You can omit or replace for other dbs. This will work for 1.4 and 1.5
Group memberships (note, adjust "someExistingSubjectId", and "someNewSubjectId"):
Code Block |
---|
set pagesize 10000 set linesize 1000 select 'addMember("' || gmv.GROUP_NAME || '", "someNewSubjectId", FieldFinder.find("' || gmv.LIST_NAME || '"));' as command from grouper_memberships_v gmv where gmv.subject_id = 'someExistingSubjectId' AND gmv.membership_TYPE = 'immediate' and list_type = 'list'; |
Take the output of that, which looks like this:
Code Block |
---|
addMember("test:stem:whatever:group", "someNewSubjectId", FieldFinder.find("members")); addMember("school:hey:there:folder:group2", "someNewSubjectId", FieldFinder.find("members")); |
Put that in a file called script.txt, and should put this at the top: GrouperSession.startRootSession();
Then run like this: gsh.sh script.txt
For group privileges, adjust for subjectIds and run this query (again, for mysql, use concat instead of ||):
Code Block |
---|
select 'grantPriv("' || gmv.GROUP_NAME || '", "someNewSubjectId", ' || gmv.list_name || ');' as command from grouper_memberships_v gmv where gmv.subject_id = 'someExistingSubjectId' AND gmv.membership_TYPE = 'immediate' and list_type = 'access'; |
Put the output in a script file, and add these lines to the top:
Code Block |
---|
GrouperSession.startRootSession(); readers = AccessPrivilege.READ; updaters = AccessPrivilege.UPDATE; admins = AccessPrivilege.ADMIN; viewers = AccessPrivilege.VIEW; optins = AccessPrivilege.OPTIN; optouts = AccessPrivilege.OPTOUT; grantPriv("test:stem:whatever:group1", "someNewSubjectId", viewers); grantPriv("test:stem:whatever:group2", "someNewSubjectId", viewers); grantPriv("test:stem:whatever:group3", "someNewSubjectId", readers); grantPriv("test:stem:whatever:group4", "someNewSubjectId", viewers); |
Run the script like this: gsh.sh script.txt
For stem privileges adjust for subjectIds and run this query (again, for mysql, use concat instead of ||):
Code Block |
---|
select 'grantPriv("' || gmv.STEM_NAME || '", "someNewSubjectId", ' || gmv.list_name || ');' as command from grouper_memberships_v gmv where gmv.subject_id = 'someExistingSubjectId' AND gmv.membership_TYPE = 'immediate' and list_type = 'naming'; |
Put the output in a script file, and add these lines to the top:
Code Block |
---|
GrouperSession.startRootSession(); creators = NamingPrivilege.CREATE; stemmers = NamingPrivilege.STEM; grantPriv("test:stem:whatever:stem1", "someNewSubjectId", creators); grantPriv("test:stem:whatever:stem2", "someNewSubjectId", creators); grantPriv("test:stem:whatever:stem3", "someNewSubjectId", creators); |
Run the script like this: gsh.sh script.txt
Delete an attribute by deleting all assignments of attribute
Note, the long for loop needs all text on one line. This was run on Grouper 1.4
Code Block |
---|
C:\mchyzer\isc\dev\grouper_v1_4\grouper\bin>gsh Using GROUPER_HOME: C:\mchyzer\isc\dev\grouper_v1_4\grouper\bin\.. Using GROUPER_CONF: C:\mchyzer\isc\dev\grouper_v1_4\grouper\bin\../conf Using JAVA: "c:\dev_inst\java/bin/java" using MEMORY: 64m-512m ... Type help() for instructions gsh 0% typeAdd("testType"); type: 'testType' gsh 2% typeAddAttr("testType", "typeAttr", AccessPrivilege.READ, AccessPrivilege.ADMIN, false); attribute: 'typeAttr' gsh 3% groupAddType("test:test1", "testType") true gsh 5% setGroupAttr("test:test1", "typeAttr", "whatever") true gsh 7% groupAddType("test:test2", "testType") true gsh 9% setGroupAttr("test:test2", "typeAttr", "whatever2") true gsh 11% for(theGroup : GrouperDAOFactory.getFactory().getGroup().findAllByApproximateAttr("typeAttr", "%")) { System.out .println(theGroup.getName()); theGroup.deleteAttribute("typeAttr"); } test:test1 test:test2 gsh 12% typeDelField("testType", "typeAttr"); true |
All groups that use groups as members
This will find all groups that use groups as members. Useful for when you are deleting a stem and subgroups. If the groups in the stem are used elsewhere, it will show the relationships (this works in grouper 1.4):
Code Block |
---|
select group_parent.name parent_name, gf.NAME , group_member.NAME member_name from grouper_groups_v group_parent, grouper_groups_v group_member, grouper_memberships gm, grouper_members gmember, grouper_fields gf where group_parent.GROUP_ID = gm.OWNER_ID and gm.member_id = gmember.ID and gmember.SUBJECT_ID = group_member.GROUP_ID and group_member.NAME like 'penn:community:employee:orgs:%' and gf.ID = gm.FIELD_ID; |