Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] View only access to audit log

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] View only access to audit log


Chronological Thread 
  • From: Michael R Gettes <>
  • To: Chris Hyzer <>
  • Cc: Jeffrey Crawford <>, Gouper Users List <>
  • Subject: Re: [grouper-users] View only access to audit log
  • Date: Fri, 5 Aug 2016 15:56:00 -0400

Okay, I just had a chat with my InfoSec folks and I think I am narrowing down to what we want.

If you could provide a property grouper.GroupCanSeeAnyAudit and have this apply to the UI and to WebServices and if InfoSecPersonA is in that group then key can view the audit in the UI for any group, that would solve one problem.  The other is to have WebService calls allowing for the read of Audit as well which would be applied to this same group. No, I haven’t checked to see if there are any WS calls in support of checking Audit for a group.  I hope this exists.  If this could be done then I will withdraw my request for new privs.  Does this make sense?

On the positive, at least I am trying to provide reasonable requirements.  If you want me to get more specific, I can try to do so.

/mrg

On Aug 5, 2016, at 1:57 PM, Hyzer, Chris <> wrote:

Let me just explore some other options…  J
 
How about:
 
1.       If a user has UPDATE then they can see audits?
2.       If a user can READ ATTRIBUTES then they can see audits?
3.       If a user can UPDATE ATTRIBUTES then they can see audits?
 
I know ideally it would be separate, but is one of those close enough?   J  Just trying to find a reasonable alternative…
 
Thanks
Chris
 
From: Michael R Gettes [] 
Sent: Friday, August 05, 2016 1:50 PM
To: Hyzer, Chris <>
Cc: Jeffrey Crawford <>; Gouper Users List <>
Subject: Re: [grouper-users] View only access to audit log
 
There are plenty of cases where all the users of the group can READ the group - we don’t want them to see Audit.
 
/mrg
 
On Aug 5, 2016, at 1:48 PM, Hyzer, Chris <> wrote:
 
Can it be the same as READ?  There is overhead to adding new privileges would be nice to reuse is possible…
 
From: Michael R Gettes [] 
Sent: Friday, August 05, 2016 12:37 PM
To: Hyzer, Chris <>
Cc: Jeffrey Crawford <>; Gouper Users List <>
Subject: RE: [grouper-users] View only access to audit log
 
+1.  I'd like to see a separate audit view priv and admin implies audit view.
/mrg
 
On Aug 5, 2016 12:35 PM, "Hyzer, Chris" <> wrote:
We don’t have a privilege for that.  What do you want?  All readers to be able to see all audits for all groups?  Something different?
 
From:  [] On Behalf Of Jeffrey Crawford
Sent: Friday, August 05, 2016 12:31 PM
To: Gouper Users List <>
Subject: [grouper-users] View only access to audit log
 
Is there a way to allow view only access to the audit log, so far I've only found that a user must be admin to view it. Is there another way?

Jeffrey E. Crawford
Enterprise Service Team
 
Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------




Archive powered by MHonArc 2.6.19.

Top of Page