Grouper Web Services


Assign or remove permissions.  These permissions can be on roles or subjects (in the context of a role).

You can lookup permissions to assign by attribute definition name, or attribute definition id

All assignments will be filtered for security based on the logged in or acted as user (security rules (on groups or any memberships) are on attribute framework wiki). Generally you need ATTR_UPDATE on the attributeDef of the permission, and UPDATE on the Role (group).

The returned data will include the attribute assignments and a normalized list of references (owner objects e.g. group/etc, attribute definitions, attribute names, etc), if things changed or were already assigned, etc

You can assign multiple permissions to multiple owners, actions, etc (non-lite)

permissionType is a required field (from enum PermissionType), must be: role or role_subject (for permissions assigned to a subject in the context of a role)

permissionAssignOperation is required and is the operation to perform for attribute on owners, from enum PermissionAssignOperation: assign_permission, remove_permission, replace_permissions.  In this case, assigning a permission will not assign if already there (but you can edit its metadata e.g. .


Assign permissions lite service

Assign permission assignments service