Grouper Users - Open Discussion List

[Michael R Gettes <>]

Okay, I just had a chat with my InfoSec folks and I think I am narrowing down to what we want.

If you could provide a property grouper.GroupCanSeeAnyAudit and have this apply to the UI and to WebServices and if InfoSecPersonA is in that group then key can view the audit in the UI for any group, that would solve one problem.  The other is to have WebService calls allowing for the read of Audit as well which would be applied to this same group. No, I haven’t checked to see if there are any WS calls in support of checking Audit for a group.  I hope this exists.  If this could be done then I will withdraw my request for new privs.  Does this make sense?

On the positive, at least I am trying to provide reasonable requirements.  If you want me to get more specific, I can try to do so.

/mrg

On Aug 5, 2016, at 1:57 PM, Hyzer, Chris <> wrote:

Let me just explore some other options…  J

 

How about:

 

1.       If a user has UPDATE then they can see audits?

2.       If a user can READ ATTRIBUTES then they can see audits?

3.       If a user can UPDATE ATTRIBUTES then they can see audits?

 

I know ideally it would be separate, but is one of those close enough?   J  Just trying to find a reasonable alternative…

 

Thanks

Chris

 

From: Michael R Gettes [] 
Sent: Friday, August 05, 2016 1:50 PM
To: Hyzer, Chris <>
Cc: Jeffrey Crawford <>; Gouper Users List <>
Subject: Re: [grouper-users] View only access to audit log

 

There are plenty of cases where all the users of the group can READ the group - we don’t want them to see Audit.

 

/mrg

 

On Aug 5, 2016, at 1:48 PM, Hyzer, Chris <> wrote:

 

Can it be the same as READ?  There is overhead to adding new privileges would be nice to reuse is possible…

 

From: Michael R Gettes [] 
Sent: Friday, August 05, 2016 12:37 PM
To: Hyzer, Chris <>
Cc: Jeffrey Crawford <>; Gouper Users List <>
Subject: RE: [grouper-users] View only access to audit log

 

+1.  I'd like to see a separate audit view priv and admin implies audit view.

/mrg

 

On Aug 5, 2016 12:35 PM, "Hyzer, Chris" <> wrote:

We don’t have a privilege for that.  What do you want?  All readers to be able to see all audits for all groups?  Something different?

 

From:  [] On Behalf Of Jeffrey Crawford
Sent: Friday, August 05, 2016 12:31 PM
To: Gouper Users List <>
Subject: [grouper-users] View only access to audit log

 

Is there a way to allow view only access to the audit log, so far I've only found that a user must be admin to view it. Is there another way?

Jeffrey E. Crawford
Enterprise Service Team

 

Both pilots and IT professionals require training and currency before charging into clouds!

---------------------------------------