"Get grouper privileges" will retrieve the privileges for a subject and or (group or stem). If you dont specify the privilege name, you will get all permissions for the user and or (group or stem). If you specify the subject, (group or stem) and privilege you are looking for, you will get also get the response in the return code (which is an HTTP header). You must specify a subject or stem or group. You cannot specify a group and a stem at once.
Example grouper client output
C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --groupName=aStem:aGroup Index 0: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: admin Index 1: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: read Index 2: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: update Index 3: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: view Index 4: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperAll: access: read Index 5: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperAll: access: view Index 6: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperSystem: access: admin Index 7: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperSystem: access: read Index 8: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperSystem: access: update Index 9: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperSystem: access: view Index 10: success: T: code: SUCCESS: group: aStem:aGroup: subject: test.subject.0: access: admin Index 11: success: T: code: SUCCESS: group: aStem:aGroup: subject: test.subject.0: access: read Index 12: success: T: code: SUCCESS: group: aStem:aGroup: subject: test.subject.0: access: view C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --subjectId=10021368 Index 0: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: create Index 1: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: stem Index 2: success: T: code: SUCCESS: stem: aStem:aStem0: subject: 10021368: naming: create Index 3: success: T: code: SUCCESS: stem: aStem:aStem0: subject: 10021368: naming: stem Index 4: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: admin Index 5: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: read Index 6: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: update Index 7: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: view Index 8: success: T: code: SUCCESS: group: aStem:activeEmployee: subject: 10021368: access: admin Index 9: success: T: code: SUCCESS: group: aStem:activeEmployee: subject: 10021368: access: read Index 10: success: T: code: SUCCESS: group: aStem:activeEmployee: subject: 10021368: access: update Index 11: success: T: code: SUCCESS: group: aStem:activeEmployee: subject: 10021368: access: view Index 12: success: T: code: SUCCESS: group: aStem:activeStudent: subject: 10021368: access: admin Index 13: success: T: code: SUCCESS: group: aStem:activeStudent: subject: 10021368: access: read Index 14: success: T: code: SUCCESS: group: aStem:activeStudent: subject: 10021368: access: update Index 15: success: T: code: SUCCESS: group: aStem:activeStudent: subject: 10021368: access: view Index 16: success: T: code: SUCCESS: group: etc:sysadmingroup: subject: 10021368: access: admin Index 17: success: T: code: SUCCESS: group: etc:sysadmingroup: subject: 10021368: access: read Index 18: success: T: code: SUCCESS: group: etc:sysadmingroup: subject: 10021368: access: update Index 19: success: T: code: SUCCESS: group: etc:sysadmingroup: subject: 10021368: access: view Index 20: success: T: code: SUCCESS: group: etc:webServiceActAsGroup: subject: 10021368: access: admin Index 21: success: T: code: SUCCESS: group: etc:webServiceActAsGroup: subject: 10021368: access: read Index 22: success: T: code: SUCCESS: group: etc:webServiceActAsGroup: subject: 10021368: access: update Index 23: success: T: code: SUCCESS: group: etc:webServiceActAsGroup: subject: 10021368: access: view Index 24: success: T: code: SUCCESS: group: etc:webServiceClientUsers: subject: 10021368: access: admin Index 25: success: T: code: SUCCESS: group: etc:webServiceClientUsers: subject: 10021368: access: read Index 26: success: T: code: SUCCESS: group: etc:webServiceClientUsers: subject: 10021368: access: update Index 27: success: T: code: SUCCESS: group: etc:webServiceClientUsers: subject: 10021368: access: view Index 28: success: T: code: SUCCESS: group: penn:etc:sysAdminGroup: subject: 10021368: access: admin Index 29: success: T: code: SUCCESS: group: penn:etc:sysAdminGroup: subject: 10021368: access: read Index 30: success: T: code: SUCCESS: group: penn:etc:sysAdminGroup: subject: 10021368: access: update Index 31: success: T: code: SUCCESS: group: penn:etc:sysAdminGroup: subject: 10021368: access: view Index 32: success: T: code: SUCCESS: group: penn:etc:userInterfaceUsers: subject: 10021368: access: admin Index 33: success: T: code: SUCCESS: group: penn:etc:userInterfaceUsers: subject: 10021368: access: read Index 34: success: T: code: SUCCESS: group: penn:etc:userInterfaceUsers: subject: 10021368: access: update Index 35: success: T: code: SUCCESS: group: penn:etc:userInterfaceUsers: subject: 10021368: access: view Index 36: success: T: code: SUCCESS: group: penn:etc:webServiceActAsGroup: subject: 10021368: access: admin Index 37: success: T: code: SUCCESS: group: penn:etc:webServiceActAsGroup: subject: 10021368: access: read Index 38: success: T: code: SUCCESS: group: penn:etc:webServiceActAsGroup: subject: 10021368: access: update Index 39: success: T: code: SUCCESS: group: penn:etc:webServiceActAsGroup: subject: 10021368: access: view Index 40: success: T: code: SUCCESS: group: penn:etc:webServiceClientUsers: subject: 10021368: access: admin Index 41: success: T: code: SUCCESS: group: penn:etc:webServiceClientUsers: subject: 10021368: access: read Index 42: success: T: code: SUCCESS: group: penn:etc:webServiceClientUsers: subject: 10021368: access: update Index 43: success: T: code: SUCCESS: group: penn:etc:webServiceClientUsers: subject: 10021368: access: view C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --stemName=aStem Index 0: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: create Index 1: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: stem Index 2: success: T: code: SUCCESS: stem: aStem: subject: GrouperSystem: naming: stem Index 3: success: T: code: SUCCESS: stem: aStem: subject: test.subject.0: naming: create Index 4: success: T: code: SUCCESS: stem: aStem: subject: test.subject.0: naming: stem C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --subjectId=10021368 --privilegeType=naming Index 0: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: create Index 1: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: stem Index 2: success: T: code: SUCCESS: stem: aStem:aStem0: subject: 10021368: naming: create Index 3: success: T: code: SUCCESS: stem: aStem:aStem0: subject: 10021368: naming: stem C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --stemName=aStem --privilegeName=create Index 0: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: create Index 1: success: T: code: SUCCESS: stem: aStem: subject: test.subject.0: naming: create C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --stemName=aStem --privilegeName=create --subjectId=10021368 Index 0: success: T: code: SUCCESS_ALLOWED: stem: aStem: subject: 10021368: naming: create |
Here is an example to get all groups a user has UPDATE on... note, you would need to call again for ADMIN as well since admins can update, and calling credential needs to be all powerful or have ADMIN on whatever groups are intended to be returned
[mchyzer@flash pennGroupsClient-2.6.0]$ java -jar grouperClient-2.6.19.jar --operation=getGrouperPrivilegesLiteWs --subjectIdentifier=kwilso --privilegeName=update --debug=true Reading resource: grouper.client.properties, from: /home/mchyzer/grouper/pennGroupsClient-2.6.0/grouper.client.properties WebService: connecting as user: 'fast/medley.isc-seo.upenn.edu' WebService: connecting to URL: 'https://server.school.edu/grouperWs/servicesRest/2.6.19/grouperPrivileges' ################ REQUEST START (indented) ############### POST /grouperWs/servicesRest/2.6.19/grouperPrivileges HTTP/1.1 Connection: close Authorization: Basic xxxxxxxxxxxxxxxx User-Agent: Jakarta Commons-HttpClient/3.1 Host: grouperWs.apps.upenn.edu:-1 Content-Length: 97 Content-Type: application/json; charset=UTF-8 { "WsRestGetGrouperPrivilegesLiteRequest":{ "subjectIdentifier":"kwilso", "privilegeName":"update" } } ################ REQUEST END ############### ################ RESPONSE START (indented) ############### HTTP/1.1 200 OK Date: Thu, 16 Feb 2023 20:25:45 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 814 Connection: close Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips Strict-Transport-Security: max-age=15768000 X-Grouper-resultCode: SUCCESS X-Grouper-success: T X-Grouper-resultCode2: NONE { "WsGetGrouperPrivilegesLiteResult":{ "resultMetadata":{ "success":"T", "resultCode":"SUCCESS" }, "responseMetadata":{ "serverVersion":"2.6.19", "millis":"7862" }, "privilegeResults":[ { "revokable":"T", "wsGroup":{ "extension":"testGroup", "displayName":"test:testGroup", "description":"testGroup", "alternateName":"testdd:testGroupdd", "uuid":"dbfa18c3-a025-47b6-a9a0-be5ac02e8270", "enabled":"T", "displayExtension":"testGroup", "name":"test:testGroup", "typeOfGroup":"group", "idIndex":"197979" }, "ownerSubject":{ "sourceId":"pennperson", "success":"T", "name":"Katherine R Wilson", "resultCode":"SUCCESS", "id":"89505485" }, "allowed":"T", "wsSubject":{ "sourceId":"pennperson", "identifierLookup":"kwilso", "success":"T", "name":"Katherine R Wilson", "resultCode":"SUCCESS", "id":"89505485" }, "privilegeType":"access", "privilegeName":"update" } ] } } ################ RESPONSE END ############### Output template: Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsGrouperPrivilegeResult.privilegeType}: ${wsGrouperPrivilegeResult.privilegeName}, available variables: wsGetGrouperPrivilegesLiteResult, grouperClientUtils, resultMetadata, index, wsGrouperPrivilegeResult, wsSubject, wsGroup, wsStem, objectType, objectName Index 0: success: T: code: SUCCESS: group: test:testGroup: subject: 89505485: access: update Elapsed time: 9589ms [mchyzer@flash pennGroupsClient-2.6.0]$ |