In Grouper 2.3+ there is support for privilege inheritance in the new UI.

There are 6 screens to control and view inherited privileges.

View or assign inherited privileges in a folder

On a folder screen, if you are an ADMIN (and you can manage inherited privileges, see below), you can click "More -> Privileges inherited to objects in folder".

Click "Add members" to add a new inherited privilege.

Select a member and the type to "Assign to" (which could be multiple types at once).

You can delete direct inherited privileges (those assigned to this folder). To delete indirect inherited entries, click on the folder they are assigned to and delete them from there.

View inherited privileges that affect a group

If you are an ADMIN of a group and can view inherited privileges, pull a group up on the UI and click "More -> This group's privileges inherited from folders".

View inherited privileges that affect a folder

If you are an ADMIN of a folder and can view inherited privileges, pull a folder up on the UI and click "More -> This folder's privileges inherited from ancestor folders".

Privileges required to manage inherited privileges

This section describes who is allowed to view or assign inherited privileges.

To see the rules configuration for inherited privileges in the UI, you need to be an admin (stemAdmin) on a folder which is affected by the rule. If you want fewer people to be able to see the rule, you can set this in grouper.properties. Note that you don't need to be able to read attributes on the assigned (parent or ancestor) folder to see the privilege inheritance. You also do not need privileges on rule attributes. If you want to require rules attributes privileges, set this in grouper-ui.properties:

# if this is true you dont even need to be able to 
uiV2.privilegeInheritanceDoesntRequireRulesPrivileges = false

If that is set to false, then to see the inherited privileges, you need to be able to READ the two attributeDefs for rules type and attributes.
