There is a rule that will do that, assign that to some ancestor
folder (with appropriate inheritance)
https://spaces.internet2.edu/display/Grouper/Grouper+rules+use+case+-+Reassign+group+privileges+if+from+group
Thanks,
Chris
From:
[mailto:] On Behalf Of
Jeff McCullough
Sent: Monday, September 29, 2014 5:39 PM
To:
Subject: [grouper-users] group ownership
I need some insight on how to provide functionality for a basic use
case. It may be that grouper permissions is the answer, though
those appear to be more externally oriented. The use case is
this:
Create a folder A that allows for group creation for
department.
Assign an admin group Admin that is allowed to create
folders/groups within folder A.
Add members (M1, M2, M3) to group Admin.
Member M1 of group Admin then create a group within folder A, say
group G1.
Now Member M1 is removed from group Amin that has created a group
G1 in folder A.
Members M2 and M3 still have access to make changes to the group G1
while M1 can no longer access the group G1. They can no longer
create or make changes to anything within folder A unless they are
specifically given those privileges, not by virtue of being in
group Admin.
As it is (in version 2.1x), the group G1 is owned by M1 even if M1
has been removed from the group Admin. I’d rather see the group
Admin as the owner since the group Admin was given the right to
create folders/groups within folder A. An alternate approach might
be to use a Role account and add members to it. The Role account is
long lived.
What is the best way to deal with the use case?
