Grouper TrainingDevelopers and Architects

Web Services - Part 5

Chris Hyzer

Internet2

University of Pennsylvania

This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.

2

Contents

• Introduction• Operations (Part 4)• Add/delete member• Get members• Has member• Get memberships• Group save/delete• Find groups• Stem save/delete• Find stems

• Operations (Part 5)• Get subjects• Get/assign privileges• Get/assign attributes• Get/assign permissions• Member change subject• Attribute name

save/delete• Find attributes• Attribute inheritance

3

Introduction to WS for developers

4

Get subjects

Get subjects from searching by id or identifier or search string

• wsSubjectLookups are subjects to look for• searchString free form string query• sourceIds are sources to look in for memberships, or null if

all• wsGroupLookup specify a group if the subjects must be in

the group• fieldName is if the memberships should be retrieved from a

certain field membership of the group (certain list)• wsMemberFilter: All, Effective, Immediate, Composite,

NonImmediate

5

Get Grouper privileges

get grouper privileges for a group or folder (Lite only)• subjectLookup is the subject to filter privileges by• groupLookup points to the group if group privileges are

being queried• stemLookup points to the folder if folder privielges are

being queried• privilegeType (e.g. "access" for groups and "naming" for

stems)• privilegeName (e.g. for groups: read, view, update,

admin, optin, optout. e.g. for stems: stem, create)

6

Assign Grouper privileges

(un)assign a privilege• wsSubjectLookups: subjects to assign privileges• wsGroupLookup: owner of privilege if for groups• wsStemLookup if stem privilege, this is the stem• replaceAllExisting T or F if replacing all who have the

privilege• privilegeType access=groups, naming=stems• privilegeNames read, view, update, admin, etc• allowed is T to allow privilege, F to deny

7

Get attribute assignments

• Attribute assign type• Assign lookups (ids)• Attribute def lookups• Attr def name lookups• Actions• Include metadata• Enabled?• Value type• Value

• Various owner lookups:• Group• Folder• Member• Membership• Attr assignment

Find attribute assignments based on criteria

8

Assign attributes

• Attribute assign type• Assign lookups (ids)• Attr def name lookups• Actions• (Un)enabled dates• Value type• Value• Assign / add / replace /

remove

• Various owner lookups:• Group• Folder• Member• Membership• Attr assignment

Assign or unassign attributes and values

9

Assign attributes batch

• Pass in attribute assignments (similar to operation "assign attributes")

• Pass in multiple assignment operations in one operations

• Can back-reference assignments in same batch (to assignment metadata on assignments)

• Can set transaction type

10

Get permissions assignments

• Can calculate limits• Attribute def lookups• Attr def name

lookups• Actions• Include limits?• Enabled?

• Role lookups• Subject lookups• Include detail?• Point in time query• Immediate only?• Permission type

Find permissions/limits based on criteria

11

Assign permissions

• Assign to users or roles

• Perm name lookup• Assign/replace/

remove• Assignment notes• (Un)enabled time

• User/role lookups• Role lookups• Actions• Delegatable?• Allowed?

Assign or unassign permissions

12

Member change subject

• Change the subject that a member points to• Pass in the old subject and new subject• Can delete unused member record if

applicable

13

Attribute name save

Create or edit attributeDefName / permissionName• Attribute Def lookup• Parent folder lookup• Display name• System name• Description• Can batch, can use transaction

14

Attribute name delete

Delete attributeDefName / permissionName• Attribute definition name lookup• Can batch• Transaction type

15

Find attribute definition name

Search for attribute definition names / permission names

• Scope• Split scope• Attribute def lookup• Assign type• Attribute def type

• Attribute definition name lookups

• Paging• Sorting• Permission

inheritance type

16

Attribute def name inheritance

(Un)assign attribute def name (permission name) inheritance

• Owner attribute def name lookup• Related attribute def name lookups• Assign?• Replace?• Transaction type

17

Quiz

• Click on the quiz link in the video description to reinforce your knowledge of this topic

Thanks!

Further information:

•Infosheets, mailing lists, wiki, downloads, etc.:www.internet2.edu/grouper

•Grouper demo server:grouperdemo.internet2.edu/

•Grouper Online Training Home:spaces.internet2.edu/x/IIGfAQ

This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. 18