View
214
Download
0
Category
Tags:
Preview:
Citation preview
Grouper TrainingDevelopers and Architects
Web Services - Part 5
Chris Hyzer
Internet2
University of Pennsylvania
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
2
Contents
• Introduction• Operations (Part 4)• Add/delete member• Get members• Has member• Get memberships• Group save/delete• Find groups• Stem save/delete• Find stems
• Operations (Part 5)• Get subjects• Get/assign privileges• Get/assign attributes• Get/assign permissions• Member change subject• Attribute name
save/delete• Find attributes• Attribute inheritance
3
Introduction to WS for developers
4
Get subjects
Get subjects from searching by id or identifier or search string
• wsSubjectLookups are subjects to look for• searchString free form string query• sourceIds are sources to look in for memberships, or null if
all• wsGroupLookup specify a group if the subjects must be in
the group• fieldName is if the memberships should be retrieved from a
certain field membership of the group (certain list)• wsMemberFilter: All, Effective, Immediate, Composite,
NonImmediate
5
Get Grouper privileges
get grouper privileges for a group or folder (Lite only)• subjectLookup is the subject to filter privileges by• groupLookup points to the group if group privileges are
being queried• stemLookup points to the folder if folder privielges are
being queried• privilegeType (e.g. "access" for groups and "naming" for
stems)• privilegeName (e.g. for groups: read, view, update,
admin, optin, optout. e.g. for stems: stem, create)
6
Assign Grouper privileges
(un)assign a privilege• wsSubjectLookups: subjects to assign privileges• wsGroupLookup: owner of privilege if for groups• wsStemLookup if stem privilege, this is the stem• replaceAllExisting T or F if replacing all who have the
privilege• privilegeType access=groups, naming=stems• privilegeNames read, view, update, admin, etc• allowed is T to allow privilege, F to deny
7
Get attribute assignments
• Attribute assign type• Assign lookups (ids)• Attribute def lookups• Attr def name lookups• Actions• Include metadata• Enabled?• Value type• Value
• Various owner lookups:• Group• Folder• Member• Membership• Attr assignment
Find attribute assignments based on criteria
8
Assign attributes
• Attribute assign type• Assign lookups (ids)• Attr def name lookups• Actions• (Un)enabled dates• Value type• Value• Assign / add / replace /
remove
• Various owner lookups:• Group• Folder• Member• Membership• Attr assignment
Assign or unassign attributes and values
9
Assign attributes batch
• Pass in attribute assignments (similar to operation "assign attributes")
• Pass in multiple assignment operations in one operations
• Can back-reference assignments in same batch (to assignment metadata on assignments)
• Can set transaction type
10
Get permissions assignments
• Can calculate limits• Attribute def lookups• Attr def name
lookups• Actions• Include limits?• Enabled?
• Role lookups• Subject lookups• Include detail?• Point in time query• Immediate only?• Permission type
Find permissions/limits based on criteria
11
Assign permissions
• Assign to users or roles
• Perm name lookup• Assign/replace/
remove• Assignment notes• (Un)enabled time
• User/role lookups• Role lookups• Actions• Delegatable?• Allowed?
Assign or unassign permissions
12
Member change subject
• Change the subject that a member points to• Pass in the old subject and new subject• Can delete unused member record if
applicable
13
Attribute name save
Create or edit attributeDefName / permissionName• Attribute Def lookup• Parent folder lookup• Display name• System name• Description• Can batch, can use transaction
14
Attribute name delete
Delete attributeDefName / permissionName• Attribute definition name lookup• Can batch• Transaction type
15
Find attribute definition name
Search for attribute definition names / permission names
• Scope• Split scope• Attribute def lookup• Assign type• Attribute def type
• Attribute definition name lookups
• Paging• Sorting• Permission
inheritance type
16
Attribute def name inheritance
(Un)assign attribute def name (permission name) inheritance
• Owner attribute def name lookup• Related attribute def name lookups• Assign?• Replace?• Transaction type
17
Quiz
• Click on the quiz link in the video description to reinforce your knowledge of this topic
Thanks!
Further information:
•Infosheets, mailing lists, wiki, downloads, etc.:www.internet2.edu/grouper
•Grouper demo server:grouperdemo.internet2.edu/
•Grouper Online Training Home:spaces.internet2.edu/x/IIGfAQ
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. 18
Recommended