Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] another group privilege for hasMember?

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] another group privilege for hasMember?


Chronological Thread 
  • From: Chris Hyzer <>
  • To: Pål Axelsson <>, "" <>
  • Subject: RE: [grouper-users] another group privilege for hasMember?
  • Date: Sun, 18 Mar 2012 14:16:48 +0000
  • Accept-language: en-US

Just curious, can you please explain the loop hole? Is it that different
applications would be querying different group names? Another option is a
2.1 feature where you can "decorate" subjects based on who is asking. So you
could add or remove attributes (i.e. remove all)... maybe it could work...

Thanks,
Chris
________________________________________
From: Pål Axelsson
[]
Sent: Saturday, March 17, 2012 9:35 PM
To: Chris Hyzer;

Subject: RE: [grouper-users] another group privilege for hasMember?

Hi again,

It may be done with composite groups but that leaves a possible loop hole.
The best way to do it I think is membership view privileges on each
membership depending of the user own whish. Application that need the true
membership list for access decisions needs a higher set of rights but the
same application use less rights for an membership list for viewing.

Pål


> -----Original Message-----
> From:
>
> [
> ]
> On Behalf Of Chris Hyzer
> Sent: Saturday, March 17, 2012 6:09 PM
> To: Pål Axelsson;
>
> Subject: RE: [grouper-users] another group privilege for hasMember?
>
> I think that can be accomplished with composite groups...
>
> thanks,
> Chris
> ________________________________________
> From: Pål Axelsson
> []
> Sent: Friday, March 16, 2012 4:15 PM
> To: Chris Hyzer;
>
> Subject: Re: [grouper-users] another group privilege for hasMember?
>
> Hi,
>
> Due PI we almost the same need. If a user says that he/she would not be
listed
> as a member but he/she is. For students this a legal requirement i Sweden.
>
> Pål Axelsson
>
>
> Chris Hyzer
> <>
> skrev:
>
> >Our privacy officer would like to grant a service access to run a
hasMember
> query (ie. As input pass the netId and groupName) without the service
being
> able to list the netIds of the members of the group. Currently the group
> privilege "READ" grants access to both. Just curious, do other people
have a
> similar need or is it too fine grained? This would not be a near term
thing
> anyways, but just curious if we should explore adding to the long term
> roadmap...
> >
> >Thanks,
> >Chris



Archive powered by MHonArc 2.6.16.

Top of Page