View Source

Description

"Get grouper privileges" will retrieve the privileges for a subject and or (group or stem). If you dont specify the privilege name, you will get all permissions for the user and or (group or stem). If you specify the subject, (group or stem) and privilege you are looking for, you will get also get the response in the return code (which is an HTTP header). You must specify a subject or stem or group. You cannot specify a group and a stem at once.

Features

Will only get the privileges the user (or actAs) is allowed to see
Lookup subjects/members by subject lookup (by id, source, identifier, etc)
Lookup groups/stems by group lookup or stem lookup (name or uuid)
Returns subject information of the subject
Returns the group or stem information
Can actAs another user

Get grouper privileges Lite service

Accepts one subject and one group or stem lookup
Documentation: SOAP (click on getGrouperPrivileges), REST (click on getGrouperPrivileges)
For REST, a request body is required (probably via POST)
REST request (colon is escaped to %3A): GET /grouper-ws/servicesRest/v1_4_000/grouperPrivileges
(see documentation above for details): Request object, response object
Response codes
Samples (all files with "Lite" in them, click on "download" to see file)

Example grouper client output

C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --groupName=aStem:aGroup
Index 0: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: admin
Index 1: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: read
Index 2: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: update
Index 3: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: view
Index 4: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperAll: access: read
Index 5: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperAll: access: view
Index 6: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperSystem: access: admin
Index 7: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperSystem: access: read
Index 8: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperSystem: access: update
Index 9: success: T: code: SUCCESS: group: aStem:aGroup: subject: GrouperSystem: access: view
Index 10: success: T: code: SUCCESS: group: aStem:aGroup: subject: test.subject.0: access: admin
Index 11: success: T: code: SUCCESS: group: aStem:aGroup: subject: test.subject.0: access: read
Index 12: success: T: code: SUCCESS: group: aStem:aGroup: subject: test.subject.0: access: view

C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --subjectId=10021368
Index 0: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: create
Index 1: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: stem
Index 2: success: T: code: SUCCESS: stem: aStem:aStem0: subject: 10021368: naming: create
Index 3: success: T: code: SUCCESS: stem: aStem:aStem0: subject: 10021368: naming: stem
Index 4: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: admin
Index 5: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: read
Index 6: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: update
Index 7: success: T: code: SUCCESS: group: aStem:aGroup: subject: 10021368: access: view
Index 8: success: T: code: SUCCESS: group: aStem:activeEmployee: subject: 10021368: access: admin
Index 9: success: T: code: SUCCESS: group: aStem:activeEmployee: subject: 10021368: access: read
Index 10: success: T: code: SUCCESS: group: aStem:activeEmployee: subject: 10021368: access: update
Index 11: success: T: code: SUCCESS: group: aStem:activeEmployee: subject: 10021368: access: view
Index 12: success: T: code: SUCCESS: group: aStem:activeStudent: subject: 10021368: access: admin
Index 13: success: T: code: SUCCESS: group: aStem:activeStudent: subject: 10021368: access: read
Index 14: success: T: code: SUCCESS: group: aStem:activeStudent: subject: 10021368: access: update
Index 15: success: T: code: SUCCESS: group: aStem:activeStudent: subject: 10021368: access: view
Index 16: success: T: code: SUCCESS: group: etc:sysadmingroup: subject: 10021368: access: admin
Index 17: success: T: code: SUCCESS: group: etc:sysadmingroup: subject: 10021368: access: read
Index 18: success: T: code: SUCCESS: group: etc:sysadmingroup: subject: 10021368: access: update
Index 19: success: T: code: SUCCESS: group: etc:sysadmingroup: subject: 10021368: access: view
Index 20: success: T: code: SUCCESS: group: etc:webServiceActAsGroup: subject: 10021368: access: admin
Index 21: success: T: code: SUCCESS: group: etc:webServiceActAsGroup: subject: 10021368: access: read
Index 22: success: T: code: SUCCESS: group: etc:webServiceActAsGroup: subject: 10021368: access: update
Index 23: success: T: code: SUCCESS: group: etc:webServiceActAsGroup: subject: 10021368: access: view
Index 24: success: T: code: SUCCESS: group: etc:webServiceClientUsers: subject: 10021368: access: admin
Index 25: success: T: code: SUCCESS: group: etc:webServiceClientUsers: subject: 10021368: access: read
Index 26: success: T: code: SUCCESS: group: etc:webServiceClientUsers: subject: 10021368: access: update
Index 27: success: T: code: SUCCESS: group: etc:webServiceClientUsers: subject: 10021368: access: view
Index 28: success: T: code: SUCCESS: group: penn:etc:sysAdminGroup: subject: 10021368: access: admin
Index 29: success: T: code: SUCCESS: group: penn:etc:sysAdminGroup: subject: 10021368: access: read
Index 30: success: T: code: SUCCESS: group: penn:etc:sysAdminGroup: subject: 10021368: access: update
Index 31: success: T: code: SUCCESS: group: penn:etc:sysAdminGroup: subject: 10021368: access: view
Index 32: success: T: code: SUCCESS: group: penn:etc:userInterfaceUsers: subject: 10021368: access: admin
Index 33: success: T: code: SUCCESS: group: penn:etc:userInterfaceUsers: subject: 10021368: access: read
Index 34: success: T: code: SUCCESS: group: penn:etc:userInterfaceUsers: subject: 10021368: access: update
Index 35: success: T: code: SUCCESS: group: penn:etc:userInterfaceUsers: subject: 10021368: access: view
Index 36: success: T: code: SUCCESS: group: penn:etc:webServiceActAsGroup: subject: 10021368: access: admin
Index 37: success: T: code: SUCCESS: group: penn:etc:webServiceActAsGroup: subject: 10021368: access: read
Index 38: success: T: code: SUCCESS: group: penn:etc:webServiceActAsGroup: subject: 10021368: access: update
Index 39: success: T: code: SUCCESS: group: penn:etc:webServiceActAsGroup: subject: 10021368: access: view
Index 40: success: T: code: SUCCESS: group: penn:etc:webServiceClientUsers: subject: 10021368: access: admin
Index 41: success: T: code: SUCCESS: group: penn:etc:webServiceClientUsers: subject: 10021368: access: read
Index 42: success: T: code: SUCCESS: group: penn:etc:webServiceClientUsers: subject: 10021368: access: update
Index 43: success: T: code: SUCCESS: group: penn:etc:webServiceClientUsers: subject: 10021368: access: view

C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --stemName=aStem
Index 0: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: create
Index 1: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: stem
Index 2: success: T: code: SUCCESS: stem: aStem: subject: GrouperSystem: naming: stem
Index 3: success: T: code: SUCCESS: stem: aStem: subject: test.subject.0: naming: create
Index 4: success: T: code: SUCCESS: stem: aStem: subject: test.subject.0: naming: stem

C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --subjectId=10021368 --privilegeType=naming
Index 0: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: create
Index 1: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: stem
Index 2: success: T: code: SUCCESS: stem: aStem:aStem0: subject: 10021368: naming: create
Index 3: success: T: code: SUCCESS: stem: aStem:aStem0: subject: 10021368: naming: stem

C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --stemName=aStem --privilegeName=create
Index 0: success: T: code: SUCCESS: stem: aStem: subject: 10021368: naming: create
Index 1: success: T: code: SUCCESS: stem: aStem: subject: test.subject.0: naming: create

C:\temp>java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --stemName=aStem --privilegeName=create --subjectId=10021368
Index 0: success: T: code: SUCCESS_ALLOWED: stem: aStem: subject: 10021368: naming: create

Here is an example to get all groups a user has UPDATE on... note, you would need to call again for ADMIN as well since admins can update, and calling credential needs to be all powerful or have ADMIN on whatever groups are intended to be returned

[mchyzer@flash pennGroupsClient-2.6.0]$ java -jar grouperClient-2.6.19.jar --operation=getGrouperPrivilegesLiteWs --subjectIdentifier=kwilso --privilegeName=update --debug=true
Reading resource: grouper.client.properties, from: /home/mchyzer/grouper/pennGroupsClient-2.6.0/grouper.client.properties
WebService: connecting as user: 'fast/medley.isc-seo.upenn.edu'
WebService: connecting to URL: 'https://server.school.edu/grouperWs/servicesRest/2.6.19/grouperPrivileges'

################ REQUEST START (indented) ###############

POST /grouperWs/servicesRest/2.6.19/grouperPrivileges HTTP/1.1
Connection: close
Authorization: Basic xxxxxxxxxxxxxxxx
User-Agent: Jakarta Commons-HttpClient/3.1
Host: grouperWs.apps.upenn.edu:-1
Content-Length: 97
Content-Type: application/json; charset=UTF-8

{
  "WsRestGetGrouperPrivilegesLiteRequest":{
    "subjectIdentifier":"kwilso",
    "privilegeName":"update"
  }
}

################ REQUEST END ###############



################ RESPONSE START (indented) ###############

HTTP/1.1 200 OK
Date: Thu, 16 Feb 2023 20:25:45 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 814
Connection: close
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Strict-Transport-Security: max-age=15768000
X-Grouper-resultCode: SUCCESS
X-Grouper-success: T
X-Grouper-resultCode2: NONE

{
  "WsGetGrouperPrivilegesLiteResult":{
    "resultMetadata":{
      "success":"T",
      "resultCode":"SUCCESS"
    },
    "responseMetadata":{
      "serverVersion":"2.6.19",
      "millis":"7862"
    },
    "privilegeResults":[
      {
        "revokable":"T",
        "wsGroup":{
          "extension":"testGroup",
          "displayName":"test:testGroup",
          "description":"testGroup",
          "alternateName":"testdd:testGroupdd",
          "uuid":"dbfa18c3-a025-47b6-a9a0-be5ac02e8270",
          "enabled":"T",
          "displayExtension":"testGroup",
          "name":"test:testGroup",
          "typeOfGroup":"group",
          "idIndex":"197979"
        },
        "ownerSubject":{
          "sourceId":"pennperson",
          "success":"T",
          "name":"Katherine R Wilson",
          "resultCode":"SUCCESS",
          "id":"89505485"
        },
        "allowed":"T",
        "wsSubject":{
          "sourceId":"pennperson",
          "identifierLookup":"kwilso",
          "success":"T",
          "name":"Katherine R Wilson",
          "resultCode":"SUCCESS",
          "id":"89505485"
        },
        "privilegeType":"access",
        "privilegeName":"update"
      }
    ]
  }
}

################ RESPONSE END ###############


Output template: Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsGrouperPrivilegeResult.privilegeType}: ${wsGrouperPrivilegeResult.privilegeName}, available variables: wsGetGrouperPrivilegesLiteResult, grouperClientUtils, resultMetadata, index, wsGrouperPrivilegeResult, wsSubject, wsGroup, wsStem, objectType, objectName
Index 0: success: T: code: SUCCESS: group: test:testGroup: subject: 89505485: access: update
Elapsed time: 9589ms
[mchyzer@flash pennGroupsClient-2.6.0]$