Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Non-wheel privileges for attestation access

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Non-wheel privileges for attestation access

Chronological Thread 
  • From: "Redman, Chad" <>
  • To: "" <>
  • Subject: [grouper-users] Non-wheel privileges for attestation access
  • Date: Wed, 28 Jun 2017 15:43:42 +0000
  • Accept-language: en-US
  • Authentication-results:; dkim=none (message not signed) header.d=none;; dmarc=none action=none;
  • Ironport-phdr: 9a23:ZZTYChOJeGcUKZ+5ZP4l6mtUPXoX/o7sNwtQ0KIMzox0K/XyrarrMEGX3/hxlliBBdydsK0UzbeO+4nbGkU+or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6a8TWO6mtYFQ/4KBJ4PKHoAYPIlOy20fy/4Zvef18OiTagK/smIw+xsB3crIwLmoZ4MY4wzAfEuH1FZ74QyG91cwG9hRH5s42K8ZJm+iIU89kh/sIKGfHxf600eqZVADEvNUgo4satuBXeG1jcrkAAW3kbx0IbSzPO6wv3C8/8
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

We just had our first user get an attestation recertification email, and when they tried to certify, they reported back an error: "etc:attribute:attestation:attestation attribute doesn't exist".


The user actually wasn't an admin for the group, but got the email because the address was explicitly set in the Email addresses field. However, in my testing using a non-wheel account, being an admin for the group is not enough. When I gave my non-wheel user admin privileges, I could reproduce the same error. The only way I could get attestation to work was to grant the user read/update on etc:attribute:attestation:attestationDef and etc:attribute:attestation:attestationValueDef. But this is not desirable, as it now allows the user to edit attestation for any group.


Am I looking at this the wrong way?









  • [grouper-users] Non-wheel privileges for attestation access, Redman, Chad, 06/28/2017

Archive powered by MHonArc 2.6.19.

Top of Page