Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] read privileges

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] read privileges

Chronological Thread 
  • From: Chris Hyzer <>
  • To: Jeff McCullough <>, Grouper-Users <>
  • Subject: RE: [grouper-users] read privileges
  • Date: Tue, 21 Jul 2015 06:12:36 +0000
  • Accept-language: en-US

You are right, you need READ to add a group as a member to another group (or
privilege). I tried it on the admin, lite, and new UI and couldn’t add a
group I only had VIEW on. Can you make sure that GrouperAll doesn’t have
READ, and send me some screenshots of the privs and the user doing the add of
a group they only have VIEW on? If User X grants a user who has READ on a
group access to update group B, and that user adds group B as a member of the
group, then yes, anyone who has read on group B but not the group added will
be able to read the members of the group added. This is a feature :) When
you add a group to another group, you are essentially delegating READ access
sort of (mostly)


-----Original Message-----

On Behalf Of Jeff McCullough
Sent: Monday, July 20, 2015 8:12 PM
To: Grouper-Users
Subject: [grouper-users] read privileges

I’ve noticed that read privileges are not carried if a group is added to
another group. For example, if I create a group A, and assign view
privileges, another user X can see the group name but not the membership.
That makes sense. If I add a couple people to the group, and then have user X
create a group B, then add group A to it. User X can now see the members of
group A as indirect members in group B. If user X clicks on the group A
within the membership of group B though, they are told they can’t see the
membership because they don’t have the correct privileges. So on the one hand
they can actually see the membership of group A (as indirect members in group
B), but not if they try to open the group directly. Shouldn’t it be


Archive powered by MHonArc 2.6.16.

Top of Page