From: Hyzer, Chris
Sent: Wednesday, January 25, 2017 9:54 AM
To: 'Ben Beecher' <firstname.lastname@example.org>
Subject: RE: [grouper-users] readonly wheel group
No you don’t, I will look at this soon for you
From: Ben Beecher email@example.com
Sent: Wednesday, January 25, 2017 9:49 AM
To: Hyzer, Chris <firstname.lastname@example.org>
Subject: Re: [grouper-users] readonly wheel group
Do I need to create a view access group for those people so they can browse everything? I thought readonly wheel included view access.
On Tue, Jan 24, 2017 at 11:13 AM, Ben Beecher <email@example.com> wrote:
They can't browse to the groups. They can search for a group and then look at the group.
On Tue, Jan 24, 2017 at 11:01 AM, Hyzer, Chris <firstname.lastname@example.org> wrote:
Does that mean they cant browse to the groups, or if they had a deep link to a group they cant read it?
From: email@example.com firstname.lastname@example.org On Behalf Of Ben Beecher
Sent: Tuesday, January 24, 2017 11:00 AM
Subject: [grouper-users] readonly wheel group
I created a readonly wheel group and added several staff members to the group. It worked fine for a while and it's not working any more. Those users don't have read access to any groups. Here is the relevant portion of the properties file:
$ cat /var/grouper/installGrouper2.3/grouper.apiBinary-2.3.0/conf/grouper.properties
- A readonly wheel group allows you to enable non-GrouperSystem subjects to act
- like a root user when reading the registry.
groups.wheel.readonly.use = true
- Set to the name of the group you want to treat as the readonly wheel group.
- The members of this group will be treated as root-like users when reading objects.
groups.wheel.readonly.group = etc:fullreadaccess