Details
-
New Feature
-
Resolution: Fixed
-
Minor
-
None
-
None
Description
From: Hyzer, Chris
Sent: Wednesday, January 25, 2017 9:54 AM
To: 'Ben Beecher' <beecher@columbia.edu>
Cc: grouper-users@internet2.edu
Subject: RE: [grouper-users] readonly wheel group
No you don’t, I will look at this soon for you
Thanks
Chris
From: Ben Beecher beecher@columbia.edu
Sent: Wednesday, January 25, 2017 9:49 AM
To: Hyzer, Chris <mchyzer@isc.upenn.edu>
Cc: grouper-users@internet2.edu
Subject: Re: [grouper-users] readonly wheel group
Chris,
Do I need to create a view access group for those people so they can browse everything? I thought readonly wheel included view access.
Ben
On Tue, Jan 24, 2017 at 11:13 AM, Ben Beecher <beecher@columbia.edu> wrote:
Hi Chris,
They can't browse to the groups. They can search for a group and then look at the group.
Ben
On Tue, Jan 24, 2017 at 11:01 AM, Hyzer, Chris <mchyzer@isc.upenn.edu> wrote:
Does that mean they cant browse to the groups, or if they had a deep link to a group they cant read it?
Thanks
Chris
From: grouper-users-request@internet2.edu grouper-users-request@internet2.edu On Behalf Of Ben Beecher
Sent: Tuesday, January 24, 2017 11:00 AM
To: grouper-users@internet2.edu
Subject: [grouper-users] readonly wheel group
I created a readonly wheel group and added several staff members to the group. It worked fine for a while and it's not working any more. Those users don't have read access to any groups. Here is the relevant portion of the properties file:
$ cat /var/grouper/installGrouper2.3/grouper.apiBinary-2.3.0/conf/grouper.properties
- A readonly wheel group allows you to enable non-GrouperSystem subjects to act
- like a root user when reading the registry.
groups.wheel.readonly.use = true
- Set to the name of the group you want to treat as the readonly wheel group.
- The members of this group will be treated as root-like users when reading objects.
groups.wheel.readonly.group = etc:fullreadaccess
Ben