grouper-dev - RE: [grouper-dev] RE: Assigning attribute value requires Def Update priv?
Subject: Grouper Developers Forum
List archive
- From: Chris Hyzer <>
- To: John Gasper <>, "" <>
- Subject: RE: [grouper-dev] RE: Assigning attribute value requires Def Update priv?
- Date: Mon, 19 Oct 2015 19:00:13 +0000
- Accept-language: en-US
|
No, UPDATE means assign. ADMIN means rename, and edit properties. Similar to groups. UPDATE means change membership, but you cant rename it or change metadata or whatever From: John Gasper [mailto:]
Hi Chris, I guess I don’t follow… If I have attributeDef "etc:attribute:myDef", and I want users to be able to assign it to their groups, I’d think that I’d grant them “view” or maybe “read”.
Wouldn’t “update” allow them to change the underlying properties of the attributeDef… the name, the type, multi-value, etc?? Thanks. -- John Gasper From:
<> on behalf of Chris Hyzer <> Yes. You don’t want any user to be able to assign any attribute to objects they own right?
J if so for an attribute assign grouperAll to update of that AttributeDef. Ok?
J Thanks, Chris From:
[]
On Behalf Of John Gasper Hi Devs, I’ve got some code that assigns a value to an attribute on a group. It appears that Grouper requires that the user has Update on the AttributeDef/Name in order
to add a value (and likely adding the attribute def/name to the target Group for the initial invocation). Here’s the trace… edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException: Subject Subject id: jsmith, sourceId: ldap cannot update attributeDef etc:attribute:provisioningTargets:google:googleProvisioningTargetDef, Problem calling method groupEditAttributesSubmit on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2GroupProvisioningTarget at edu.internet2.middleware.grouper.attr.assign.AttributeAssignGroupDelegate.assertCanUpdateAttributeDefName(AttributeAssignGroupDelegate.java:129) at edu.internet2.middleware.grouper.attr.assign.AttributeAssignBaseDelegate.internal_assignAttributeHelper(AttributeAssignBaseDelegate.java:488) at edu.internet2.middleware.grouper.attr.assign.AttributeAssignBaseDelegate.assignAttribute(AttributeAssignBaseDelegate.java:466) at edu.internet2.middleware.grouper.attr.assign.AttributeAssignBaseDelegate.assignAttribute(AttributeAssignBaseDelegate.java:455) at edu.internet2.middleware.grouper.attr.assign.AttributeAssignBaseDelegate.assignAttributeByName(AttributeAssignBaseDelegate.java:548) at edu.internet2.middleware.grouper.attr.assign.AttributeAssignBaseDelegate.assignAttributeByName(AttributeAssignBaseDelegate.java:183) at edu.internet2.middleware.grouper.attr.value.AttributeValueDelegate.assignValue(AttributeValueDelegate.java:71) As soon as I assigned the Update priv to the Def it worked. Does assigning an attributeDef/Name to a group require Update on the Attribute Def? Is that intended? -- John Gasper |
- Re: [grouper-dev] RE: Assigning attribute value requires Def Update priv?, John Gasper, 10/19/2015
- RE: [grouper-dev] RE: Assigning attribute value requires Def Update priv?, Chris Hyzer, 10/19/2015
- Re: [grouper-dev] RE: Assigning attribute value requires Def Update priv?, John Gasper, 10/19/2015
- RE: [grouper-dev] RE: Assigning attribute value requires Def Update priv?, Chris Hyzer, 10/19/2015
Archive powered by MHonArc 2.6.16.