grouper-users - Re: [grouper-users] admin privileges but not membership?
Subject: Grouper Users - Open Discussion List
- From: Tom Barton
- To: Scott Koranda
- Subject: Re: [grouper-users] admin privileges but not membership?
- Date: Mon, 26 Jan 2009 09:59:27 -0600
Yes, that is supported. Just don't give member "privs" to the admin, or remove it if it's there.
Of course, an admin can always add themselves to the group as a member, if they choose. If what you want is to prohibit an admin from doing so, you can use composites along these lines:
group1: admin-maintained
group2: members are group1 admins
group3:= group1 - group2
Group3 is used to protect access to the resource. Just be sure that no group1 admins are also admins for group3.
Does this help?
Tom
Scott Koranda wrote:
Is it possible for a subject (a person in particular) to have
admin privileges for a group but not be a member of the group?
The specific use case is this: a subject wants to be able to
manage the membership of a group (add and remove other
subjects) but not be a member of the group and therefore not
show up in the 'hasMember' and 'member' attributes in the
group's reflection into our LDAP server. We use ldappc to
provision from Grouper into the LDAP server.
I would be grateful for suggestions on how best to support
that use case.
Scott
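A plain-Python model of the three-group composite layout described in the reply above, with an audit of the conditions it depends on. This is an added example, not part of the original thread and not Grouper API code; the `Group` class, the `audit` and `build` helpers, and the subject names are constructed for illustration.

```python
# Added illustration: models group3 := group1 - group2 with plain sets (not Grouper code).
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    members: set = field(default_factory=set)
    admins: set = field(default_factory=set)

def complement(left: Group, right: Group) -> set:
    """Effective membership of a complement composite: left minus right."""
    return left.members - right.members

def audit(group1: Group, group2: Group, group3: Group) -> list:
    """Return findings that would let a group1 admin end up in group3."""
    findings = []
    # group2 must list every group1 admin, or the subtraction misses them.
    for subj in sorted(group1.admins - group2.members):
        findings.append(f"{subj}: group1 admin missing from group2")
    # A group1 admin who also administers group3 could alter the composite.
    for subj in sorted(group1.admins & group3.admins):
        findings.append(f"{subj}: admin of both group1 and group3")
    # Direct check: no group1 admin may appear in the effective membership.
    for subj in sorted(group1.admins & group3.members):
        findings.append(f"{subj}: group1 admin is an effective member of group3")
    return findings

def build(group1_members, group1_admins, group2_members, group3_admins):
    """Assemble the three groups and compute group3 as the composite."""
    g1 = Group("group1", set(group1_members), set(group1_admins))
    g2 = Group("group2", set(group2_members))
    g3 = Group("group3", admins=set(group3_admins))
    g3.members = complement(g1, g2)
    return g1, g2, g3

# Constructed sample: alice administers group1 and has added herself as a member.
GOOD = build({"alice", "bob", "carol"}, {"alice"}, {"alice"}, {"root"})
# Constructed drift case: dave became a group1 admin (and group3 admin) but was
# never added to group2, then added himself to group1.
DRIFT = build({"alice", "bob", "dave"}, {"alice", "dave"}, {"alice"}, {"dave"})

if __name__ == "__main__":
    for label, (g1, g2, g3) in (("good", GOOD), ("drift", DRIFT)):
        print(label, sorted(g3.members), audit(g1, g2, g3))
```

The drift case shows why group2 has to track group1's admin list: a newly granted admin who is not yet in group2 passes straight through the subtraction.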