grouper-users - RE: [grouper-users] another group privilege for hasMember?
Subject: Grouper Users - Open Discussion List
List archive
- From: Chris Hyzer <>
- To: Pål Axelsson <>, "" <>
- Subject: RE: [grouper-users] another group privilege for hasMember?
- Date: Sun, 18 Mar 2012 14:16:48 +0000
- Accept-language: en-US
Just curious, can you please explain the loop hole? Is it that different
applications would be querying different group names? Another option is a
2.1 feature where you can "decorate" subjects based on who is asking. So you
could add or remove attributes (i.e. remove all)... maybe it could work...
Thanks,
Chris
________________________________________
From: Pål Axelsson
[]
Sent: Saturday, March 17, 2012 9:35 PM
To: Chris Hyzer;
Subject: RE: [grouper-users] another group privilege for hasMember?
Hi again,
It may be done with composite groups but that leaves a possible loop hole.
The best way to do it I think is membership view privileges on each
membership depending of the user own whish. Application that need the true
membership list for access decisions needs a higher set of rights but the
same application use less rights for an membership list for viewing.
Pål
> -----Original Message-----
> From:
>
> [
> ]
> On Behalf Of Chris Hyzer
> Sent: Saturday, March 17, 2012 6:09 PM
> To: Pål Axelsson;
>
> Subject: RE: [grouper-users] another group privilege for hasMember?
>
> I think that can be accomplished with composite groups...
>
> thanks,
> Chris
> ________________________________________
> From: Pål Axelsson
> []
> Sent: Friday, March 16, 2012 4:15 PM
> To: Chris Hyzer;
>
> Subject: Re: [grouper-users] another group privilege for hasMember?
>
> Hi,
>
> Due PI we almost the same need. If a user says that he/she would not be
listed
> as a member but he/she is. For students this a legal requirement i Sweden.
>
> Pål Axelsson
>
>
> Chris Hyzer
> <>
> skrev:
>
> >Our privacy officer would like to grant a service access to run a
hasMember
> query (ie. As input pass the netId and groupName) without the service
being
> able to list the netIds of the members of the group. Currently the group
> privilege "READ" grants access to both. Just curious, do other people
have a
> similar need or is it too fine grained? This would not be a near term
thing
> anyways, but just curious if we should explore adding to the long term
> roadmap...
> >
> >Thanks,
> >Chris
- [grouper-users] another group privilege for hasMember?, Chris Hyzer, 03/16/2012
- Re: [grouper-users] another group privilege for hasMember?, Tom Barton, 03/20/2012
- RE: [grouper-users] another group privilege for hasMember?, Chris Hyzer, 03/20/2012
- Re: [grouper-users] another group privilege for hasMember?, Tom Barton, 03/20/2012
- RE: [grouper-users] another group privilege for hasMember?, Chris Hyzer, 03/20/2012
- Re: [grouper-users] another group privilege for hasMember?, Tom Barton, 03/20/2012
- RE: [grouper-users] another group privilege for hasMember?, Chris Hyzer, 03/20/2012
- <Possible follow-up(s)>
- Re: [grouper-users] another group privilege for hasMember?, Pål Axelsson, 03/16/2012
- RE: [grouper-users] another group privilege for hasMember?, Chris Hyzer, 03/17/2012
- RE: [grouper-users] another group privilege for hasMember?, Pål Axelsson, 03/17/2012
- RE: [grouper-users] another group privilege for hasMember?, Chris Hyzer, 03/18/2012
- RE: [grouper-users] another group privilege for hasMember?, Pål Axelsson, 03/17/2012
- RE: [grouper-users] another group privilege for hasMember?, Chris Hyzer, 03/17/2012
- Re: [grouper-users] another group privilege for hasMember?, Tom Barton, 03/20/2012
Archive powered by MHonArc 2.6.16.