Grouper Users - Open Discussion List

[Chris Hyzer <>]

There is a rule that will do that, assign that to some ancestor folder (with appropriate inheritance)

 

https://spaces.internet2.edu/display/Grouper/Grouper+rules+use+case+-+Reassign+group+privileges+if+from+group

 

Thanks,

Chris

 

From: [mailto:] On Behalf Of Jeff McCullough
Sent: Monday, September 29, 2014 5:39 PM
To:
Subject: [grouper-users] group ownership

 

 

I need some insight on how to provide functionality for a basic use case. It may be that grouper permissions is the answer, though those appear to be more externally oriented. The use case is this:

 

Create a folder A that allows for group creation for department.

Assign an admin group Admin that is allowed to create folders/groups within folder A.

Add members (M1, M2, M3) to group Admin. 

Member M1 of group Admin then create a group within folder A, say group G1. 

Now Member M1 is removed from group Amin that has created a group G1 in folder A.

Members M2 and M3 still have access to make changes to the group G1 while M1 can no longer access the group G1. They can no longer create or make changes to anything within folder A unless they are specifically given those privileges, not by virtue of being in group Admin.

 

As it is (in version 2.1x), the group G1 is owned by M1 even if M1 has been removed from the group Admin. I’d rather see the group Admin as the owner since the group Admin was given the right to create folders/groups within folder A. An alternate approach might be to use a Role account and add members to it. The Role account is long lived. 

 

What is the best way to deal with the use case?

 

Thanks,

Jeff