grouper-users - RE: [grouper-users] attribute security
Subject: Grouper Users - Open Discussion List
List archive
- From: Chris Hyzer <>
- To: Scott Koranda <>, Grouper Users Mailing List <>
- Subject: RE: [grouper-users] attribute security
- Date: Tue, 19 Oct 2010 12:12:28 -0400
- Accept-language: en-US
- Acceptlanguage: en-US
Good point. Either we can change this, or we can perhaps add another
privilege in addition to UPDATE and ADMIN, e.g. READ_ATTR, UPDATE_ATTR on a
group.
Yeah, this is the same for a stem. Any chance you can get up and running the
way it is, and we can adjust it in 2.0? :)
Thanks,
Chris
-----Original Message-----
From:
[mailto:]
On Behalf Of Scott Koranda
Sent: Tuesday, October 19, 2010 11:43 AM
To: Grouper Users Mailing List
Subject: [grouper-users] attribute security
Hi,
On this page
https://spaces.internet2.edu/display/GrouperWG/Grouper+attribute+framework
I read this:
"In order to perform operations on attributes, more security
is needed on the underlying objects. For example, to assign
an attribute to a group, you need ATTR_UPDATE on the attribute
and ADMIN on the group."
Does "assign an attribute" include assiging an attribute
value?
If so, I am surprised that ADMIN on the group is necessary and
UPDATE is not sufficient. I would like to give entities the
ability to update or set the value of an attribute on the
group without giving them the ability to delete the group.
Does the same hold true for stems?
Thanks,
Scott
- [grouper-users] attribute security, Scott Koranda, 10/19/2010
- RE: [grouper-users] attribute security, Chris Hyzer, 10/19/2010
- Re: [grouper-users] attribute security, Scott Koranda, 10/19/2010
- RE: [grouper-users] attribute security, Chris Hyzer, 10/19/2010
Archive powered by MHonArc 2.6.16.