grouper-users - Re: [grouper-users] admin privileges but not membership?
Subject: Grouper Users - Open Discussion List
List archive
- From: Scott Koranda <>
- To: Tom Barton <>
- Cc: "" <>
- Subject: Re: [grouper-users] admin privileges but not membership?
- Date: Mon, 26 Jan 2009 10:05:55 -0600
> Yes, that is supported. Just don't give member "privs" to the admin, or
> remove it if it's there.
>
> Of course, an admin can always add themselves to the group as a member, if
> they choose. If what you want is to prohibit an admin from doing so, you
> can
> use composites along these lines:
>
> group1: admin-maintained
> group2: members are group1 admins
> group3:= group1 - group2
>
> Group3 is used to protect access to the resource. Just be sure that no
> group1 admins are also admins for group3.
>
> Does this help?
Yes, thanks. Both your response and Gary's are helpful.
Cheers,
Scott
>
> Tom
>
> Scott Koranda wrote:
> > Is it possible for a subject (a person in particular) to have
> > admin privileges for a group but not be a member of the group?
> > The specific use case is this: a subject wants to be able to
> > manage the membership of a group (add and remove other
> > subjects) but not be a member of the group and therefore not
> > show up in the 'hasMember' and 'member' attributes in the
> > groups reflection into our LDAP server. We use ldappc to
> > provision from Grouper into the LDAP server.
> > I would be grateful for suggestions on how best to support
> > that use case.
> > Scott
- admin privileges but not membership?, Scott Koranda, 01/26/2009
- Re: [grouper-users] admin privileges but not membership?, GW Brown, Information Systems and Computing, 01/26/2009
- Re: [grouper-users] admin privileges but not membership?, Tom Barton, 01/26/2009
- Re: [grouper-users] admin privileges but not membership?, Scott Koranda, 01/26/2009
Archive powered by MHonArc 2.6.16.