Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Delegation on group administration

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Delegation on group administration

Chronological Thread 
  • From: Gagné Sébastien <>
  • To: "Chris Hyzer" <>, <>
  • Subject: [grouper-users] RE: Delegation on group administration
  • Date: Wed, 29 Aug 2012 13:27:40 -0400

Hello again,

I’ve read these pages and did some coding, but I have another question:

-          What happens if there are more than one rule the could be applied to a group that have opposite results


My example, stem with groups :


-          Admins

-          groupA

-          groupB


I want to create a “Inherited privileges on folders” rule on stemA to give admin right on the all the groups contained in stemA, except for the group Admins which I only want update right. It would look something like this for a member of the Admins group :



-          Admins (read, update)

-          groupA (read, admin)

-          groupB (read, admin)


I thought of adding another rule based on the Group name “Admins” but I as understand, rules are unordered, so the “give only update right” rule might trigger before the “give admin right” which would overwrite the limited privileges.





De : Chris Hyzer [mailto:]
Envoyé : 15 août 2012 13:58
À : Gagné Sébastien;
Objet : RE: Delegation on group administration


Look at rules and see if that works…


Look at the inherited privileges ones:





From: On Behalf Of Gagné Sébastien
Sent: Wednesday, August 15, 2012 1:10 PM
Subject: [grouper-users] Delegation on group administration



We have a use case here where each department have their own admins. These admin should be able to manage everything (i.e. full control) under their department’s stem/folder/OU, including subfolder and Groups. From what I read this should be a trivial task in Grouper but I cannot seem to find the attributes/properties for it.


What we already have :


-          deptA-admins

-          Courses

o   2012-PHY101

-          Groups

o   AppA-Users



-          deptB-admins

-          Courses

-          Groups


We need “deptA-admin” to be able to create groups and folder in adRoot:deptA and also in every existing and new stems (e.g. Courses and Groups), right now if I assign “create group” and “create folder” it only stays on the same level.  We also need members of “deptA-admins” to have admin rights on all the groups in the stem and sub-stems (e.g. deptA-admins, 2012-PHY101, AppA-Users …). Right now I haven’t found anything that does that except to manually add the admin group to each group.


Basically, I need to give each department full control on all objects from their base stem to the whole tree under it.


Thanks for your help.



Sébastien Gagné,     | Analyste en informatique

514-343-6111 x33844  | Université de Montréal,

                     | Pavillon Roger-Gaudry, local X-100-11


Archive powered by MHonArc 2.6.16.

Top of Page