This is in response to the request to show how to query via web service all the permissions implied by a role.

Note: this was done in 2.1.4 (candidate)  Note also, all this can be done in the UI too...

Create a session, and two attribute definitions

gsh 0% grouperSession = GrouperSession.startRootSession();
gsh 1% attributeDef = new AttributeDefSave(grouperSession).assignName("test:app0:permissionDefs:permissionDef0").assignToEffMembership(true).assignToGroup(true).assignAttributeDefType(AttributeDefType.perm).assignCreateParentStemsIfNotExist(true).save();
gsh 2% attributeDef.getAttributeDefActionDelegate().configureActionList("read,write");
gsh 3% attributeDef2 = new AttributeDefSave(grouperSession).assignName("test:app1:permissionDefs:permissionDef1").assignToEffMembership(true).assignToGroup(true).assignAttributeDefType(AttributeDefType.perm).assignCreateParentStemsIfNotExist(true).save();
gsh 4% attributeDef2.getAttributeDefActionDelegate().configureActionList("read,write, admin");

Create a few roles, add some members

gsh 5% app0role0 = new GroupSave(grouperSession).assignName("test:app0:roles:role0").assignCreateParentStemsIfNotExist(true).assignTypeOfGroup(TypeOfGroup.role).save();
gsh 6% app0role1 = new GroupSave(grouperSession).assignName("test:app0:roles:role1").assignCreateParentStemsIfNotExist(true).assignTypeOfGroup(TypeOfGroup.role).save();
gsh 7% app1role0 = new GroupSave(grouperSession).assignName("test:app1:roles:role0").assignCreateParentStemsIfNotExist(true).assignTypeOfGroup(TypeOfGroup.role).save();
gsh 8% app1role1 = new GroupSave(grouperSession).assignName("test:app1:roles:role1").assignCreateParentStemsIfNotExist(true).assignTypeOfGroup(TypeOfGroup.role).save();
gsh 9% addMember("test:app0:roles:role0", "test.subject.0");
gsh 10% addMember("test:app0:roles:role0", "test.subject.1");
gsh 11% addMember("test:app0:roles:role1", "test.subject.1");
gsh 12% addMember("test:app0:roles:role1", "test.subject.2");
gsh 13% addMember("test:app1:roles:role0", "test.subject.2");
gsh 14% addMember("test:app1:roles:role0", "test.subject.3");
gsh 15% addMember("test:app1:roles:role1", "test.subject.3");
gsh 16% addMember("test:app1:roles:role1", "test.subject.4");

Add some permissionNames

gsh 17% permissionName0_1 = new AttributeDefNameSave(grouperSession, attributeDef).assignName("test:app0:permissionNames:permissionName0_1").assignCreateParentStemsIfNotExist(true).save();
gsh 18% permissionName0_2 = new AttributeDefNameSave(grouperSession, attributeDef).assignName("test:app0:permissionNames:permissionName0_2").assignCreateParentStemsIfNotExist(true).save();
gsh 19% permissionName1_1 = new AttributeDefNameSave(grouperSession, attributeDef).assignName("test:app0:permissionNames:permissionName1_1").assignCreateParentStemsIfNotExist(true).save();
gsh 20% permissionName1_2 = new AttributeDefNameSave(grouperSession, attributeDef).assignName("test:app0:permissionNames:permissionName1_2").assignCreateParentStemsIfNotExist(true).save();
gsh 21% permissionName1_0_1 = new AttributeDefNameSave(grouperSession, attributeDef).assignName("test:app1:permissionNames:permissionName0_1").assignCreateParentStemsIfNotExist(true).save();
gsh 22% permissionName1_0_2 = new AttributeDefNameSave(grouperSession, attributeDef).assignName("test:app1:permissionNames:permissionName0_2").assignCreateParentStemsIfNotExist(true).save();
gsh 23% permissionName1_1_1 = new AttributeDefNameSave(grouperSession, attributeDef).assignName("test:app1:permissionNames:permissionName1_1").assignCreateParentStemsIfNotExist(true).save();
gsh 24% permissionName1_1_2 = new AttributeDefNameSave(grouperSession, attributeDef).assignName("test:app1:permissionNames:permissionName1_2").assignCreateParentStemsIfNotExist(true).save();
gsh 25% permissionName1_1_3 = new AttributeDefNameSave(grouperSession, attributeDef2).assignName("test:app1:permissionNames:permissionName1_3").assignCreateParentStemsIfNotExist(true).save();
gsh 26% permissionName1_1_4 = new AttributeDefNameSave(grouperSession, attributeDef2).assignName("test:app1:permissionNames:permissionName1_4").assignCreateParentStemsIfNotExist(true).save();

Assign some role and individual permissions

gsh 27% app0role0.getPermissionRoleDelegate().assignRolePermission("read", permissionName0_1);
gsh 28% app0role0.getPermissionRoleDelegate().assignRolePermission("write", permissionName1_1_1);
gsh 29% app1role1.getPermissionRoleDelegate().assignRolePermission("read", permissionName1_1_2);
gsh 30% app1role1.getPermissionRoleDelegate().assignRolePermission("read", permissionName1_0_2);
gsh 31% app0role0.getPermissionRoleDelegate().assignSubjectRolePermission("admin", permissionName1_1_4, SubjectFinder.findById("test.subject.0", true));
gsh 32% app0role0.getPermissionRoleDelegate().assignSubjectRolePermission("write", permissionName1_0_1, SubjectFinder.findById("test.subject.0", true));
gsh 33% app0role1.getPermissionRoleDelegate().assignSubjectRolePermission("read", permissionName0_2, SubjectFinder.findById("test.subject.1", true));
gsh 34% app1role1.getPermissionRoleDelegate().assignSubjectRolePermission("write", permissionName1_0_1, SubjectFinder.findById("test.subject.4", true));

Now, lets query via web service to find permission assignments assigned to a role

java -jar grouperClient.jar --operation=getPermissionAssignmentsWs --permissionType=role --roleNames=test:app0:roles:role0

XML to server:

<WsRestGetPermissionAssignmentsRequest>
  <permissionType>role</permissionType>
  <roleLookups>
    <WsGroupLookup>
      <groupName>test:app0:roles:role0</groupName>
    </WsGroupLookup>
  </roleLookups>
</WsRestGetPermissionAssignmentsRequest>

XML from server:

<WsGetPermissionAssignmentsResults>
  <wsAttributeDefs>
    <WsAttributeDef>
      <extension>permissionDef0</extension>
      <name>test:app0:permissionDefs:permissionDef0</name>
      <uuid>33c0b3263a1c42ae861990012192310b</uuid>
      <attributeDefType>perm</attributeDefType>
      <multiAssignable>F</multiAssignable>
      <multiValued>F</multiValued>
      <valueType>marker</valueType>
    </WsAttributeDef>
  </wsAttributeDefs>
  <wsPermissionAssigns>
    <WsPermissionAssign>
      <action>read</action>
      <permissionType>role</permissionType>
      <attributeDefNameId>4d81aebc539148c1908ac2f1485ad530</attributeDefNameId>
      <attributeDefNameName>test:app0:permissionNames:permissionName0_1
      </attributeDefNameName>
      <attributeDefId>33c0b3263a1c42ae861990012192310b</attributeDefId>
      <attributeDefName>test:app0:permissionDefs:permissionDef0</attributeDefName>
      <enabled>T</enabled>
      <attributeAssignId>c474dabd2d01482ba287910ea6929407</attributeAssignId>
      <roleId>b6979607f4be43038df280208521d021</roleId>
      <roleName>test:app0:roles:role0</roleName>
      <allowedOverall>T</allowedOverall>
      <disallowed>F</disallowed>
    </WsPermissionAssign>
    <WsPermissionAssign>
      <action>write</action>
      <permissionType>role</permissionType>
      <attributeDefNameId>7051d0aac8894e2cb05f4f00a14b1bb0</attributeDefNameId>
      <attributeDefNameName>test:app1:permissionNames:permissionName1_1
      </attributeDefNameName>
      <attributeDefId>33c0b3263a1c42ae861990012192310b</attributeDefId>
      <attributeDefName>test:app0:permissionDefs:permissionDef0</attributeDefName>
      <enabled>T</enabled>
      <attributeAssignId>9a183f124e8d4c1492931ebfa77165cc</attributeAssignId>
      <roleId>b6979607f4be43038df280208521d021</roleId>
      <roleName>test:app0:roles:role0</roleName>
      <allowedOverall>T</allowedOverall>
      <disallowed>F</disallowed>
    </WsPermissionAssign>
  </wsPermissionAssigns>
  <resultMetadata>
    <resultCode>SUCCESS</resultCode>
    <resultMessage>, Found 2 results.  </resultMessage>
    <success>T</success>
  </resultMetadata>
  <responseMetadata>
    <resultWarnings></resultWarnings>
    <millis>28208</millis>
    <serverVersion>2.1.4</serverVersion>
  </responseMetadata>
  <wsGroups>
    <WsGroup>
      <extension>role0</extension>
      <typeOfGroup>role</typeOfGroup>
      <displayExtension>role0</displayExtension>
      <displayName>test:app0:roles:role0</displayName>
      <name>test:app0:roles:role0</name>
      <uuid>b6979607f4be43038df280208521d021</uuid>
    </WsGroup>
  </wsGroups>
  <wsSubjects />
</WsGetPermissionAssignmentsResults>

sdf