
grouper-users - Re: [grouper-users] Composite group question

Subject: Grouper Users - Open Discussion List

  • From: Tom Barton
  • To: Kathryn Huxtable
  • Cc: Grouper Users
  • Subject: Re: [grouper-users] Composite group question
  • Date: Wed, 02 Aug 2006 13:55:46 -0500



Kathryn Huxtable wrote:
> I know I can make two groups with view but without read and let an arbitrary
> user create a compound group with those two groups. When the user does that,
> though, the user is able to see the indirect membership of the resultant
> group.
>
> Is there a way I can prevent this? It has to do with privacy issues and
> such.

Don't give READ to the composite group. Now, the person who forms the composite, using UPDATE or ADMIN priv for the composite, will necessarily have READ. If you don't want them to see the indirect membership, you'll also need to remove their ADMIN or UPDATE in order to remove their READ after the composite has been formed.

If your wicket is sticky enough, and you can't expose the membership of this private group even during the process of forming a composite in which it's a factor, you can create an empty group as a stand-in for the private group that the composite creator uses to form the composite. After the composite is formed, redefine READ over the composite appropriately, and only then make the real private group a subgroup of the stand-in group. Think "separation of duties".

Tom
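
The stand-in procedure from the reply above, as an added example that is not part of the original message and is not Grouper code: a toy Python model comparing what the composite's creator can read when the private group is used directly versus when an empty stand-in is used. The class, the subject and group names, the sample members, and the choice of an intersection composite are all assumptions made for illustration.

```python
# Toy model of the privilege behaviour described in the thread; NOT the Grouper API.
IMPLIES_READ = {"READ", "UPDATE", "ADMIN"}   # per the reply: UPDATE/ADMIN carry READ

class Group:
    def __init__(self, name, members=()):
        self.name, self.direct = name, set(members)   # subject ids or Group objects
        self.factors = None                            # (left, right) if composite
        self.privs = {}                                # subject id -> set of privileges

    def members(self):
        """Effective membership: intersection composite, else direct + subgroups."""
        if self.factors:
            left, right = self.factors
            return left.members() & right.members()
        out = set()
        for m in self.direct:
            out |= m.members() if isinstance(m, Group) else {m}
        return out

    def read_as(self, subject):
        """Membership list as seen by `subject`; denied without READ."""
        if not self.privs.get(subject, set()) & IMPLIES_READ:
            raise PermissionError(f"{subject} lacks READ on {self.name}")
        return self.members()

def form_composite(use_stand_in):
    """Return (what the creator saw, final membership, creator still reads?)."""
    staff = Group("staff", {"alice", "bob", "carol"})   # constructed sample data
    private = Group("private", {"alice", "bob"})        # membership must stay hidden
    stand_in = Group("stand_in")                        # empty placeholder group
    comp = Group("composite")
    comp.privs["creator"] = {"ADMIN"}                   # needed to form the composite
    comp.factors = (staff, stand_in if use_stand_in else private)
    seen = comp.read_as("creator")                      # creator looks right away
    comp.privs["creator"] = set()                       # owner redefines READ
    if use_stand_in:
        stand_in.direct.add(private)                    # only now wire in the real group
    try:
        comp.read_as("creator")
        still_reads = True
    except PermissionError:
        still_reads = False
    return seen, comp.members(), still_reads

if __name__ == "__main__":
    print("direct:  ", form_composite(False))
    print("stand-in:", form_composite(True))
```

In both runs the composite ends with the same membership and the creator ends without READ; the difference is the window between forming the composite and revoking the creator's privilege, during which only the stand-in variant shows an empty list.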


