Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Non-deletable admin?

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Non-deletable admin?

Chronological Thread 
  • From: Chris Hyzer <>
  • To: "" <>, Grouper Users Mailing List <>
  • Subject: RE: [grouper-users] Non-deletable admin?
  • Date: Mon, 20 Apr 2009 09:01:40 -0400
  • Accept-language: en-US
  • Acceptlanguage: en-US

You have a group called groupA.
The admin is JohnSmith, add that person to the admin list for groupA.
Then you have securityGroupA who can admin groupA. Add ScottJohnson and
AmyWilliams to securityGroupA (member list). Then add securityGroupA to the
readers and updaters for groupA. Then also add securityGroupA to the readers
and updaters of securityGroupA.

Now the people who maintain that group (Amy and Scott), can edit the list of
groupA, and they can edit the list of who can edit the list (change the
membership of securityGroupA), but they cannot remove the superadmin (John),
and they cannot do bad things like rename the group. If you have a couple of
superadmins, then make that a group too so you can add another John without
editing a bunch of groups...

Sound good?


> -----Original Message-----
> From: Loris Bennett
> [mailto:]
> Sent: Monday, April 20, 2009 4:58 AM
> To: Grouper Users Mailing List
> Subject: [grouper-users] Non-deletable admin?
> Hi,
> As I understand it, anyone with the 'admin' privilege for a group can
> remove any member or privilege within that groups. Is there any way of
> creating a 'superadmin' who cannot be removed by people with the
> 'admin'
> privilege?
> A usecase might be a research group in which the leader of the group
> would be the 'superadmin'. He/She then delegates the actual work of
> maintaining the group to two people who both have the 'admin'
> privilege.
> The admins do all the work, stand in for each other, and get replaced
> every so often. The superadmin only really needs to step in when both
> admins leave at the same time.
> The group leader could just be an admin and delegate via the update
> privilege, but then still has to manage the updaters, which he or she
> might prefer also to delegate.
> Cheers
> Loris
> --
> Dr. Loris Bennett (Mr.)
> Freie Universität Berlin
> ZEDAT - Zentraleinrichtung für Datenverarbeitung / Computer Center
> Compute & Media Service
> Fabeckstr. 32, Room 221
> D-14195 Berlin
> Tel ++49 30 838 51024
> Fax ++49 30 838 56721
> Email
> Web

Archive powered by MHonArc 2.6.16.

Top of Page