Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] another group privilege for hasMember?

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] another group privilege for hasMember?


Chronological Thread 
  • From: Tom Barton <>
  • To:
  • Subject: Re: [grouper-users] another group privilege for hasMember?
  • Date: Tue, 20 Mar 2012 08:40:39 -0500

This is analogous to LDAP's CMP operation (compare) being applied to the "members" attribute of a group object, used to test whether a specified DN is a member. Can the same information can be obtained using getMemberships, filtered to just the group of interest? It would be good to learn about the use case or problem your privacy officer is trying to address.

Tom

On 3/16/2012 12:24 PM, Chris Hyzer wrote:

Our privacy officer would like to grant a service access to run a hasMember query (ie. As input pass the netId and groupName) without the service being able to list the netIds of the members of the group.  Currently the group privilege “READ” grants access to both.  Just curious, do other people have a similar need or is it too fine grained?  This would not be a near term thing anyways, but just curious if we should explore adding to the long term roadmap…

 

Thanks,

Chris




Archive powered by MHonArc 2.6.16.

Top of Page