grouper-users - [grouper-users] Non-wheel privileges for attestation access
Subject: Grouper Users - Open Discussion List
List archive
- From: "Redman, Chad" <>
- To: "" <>
- Subject: [grouper-users] Non-wheel privileges for attestation access
- Date: Wed, 28 Jun 2017 15:43:42 +0000
- Accept-language: en-US
- Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=none action=none header.from=unc.edu;
- Ironport-phdr: 9a23:ZZTYChOJeGcUKZ+5ZP4l6mtUPXoX/o7sNwtQ0KIMzox0K/XyrarrMEGX3/hxlliBBdydsK0UzbeO+4nbGkU+or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6a8TWO6mtYFQ/4KBJ4PKHoAYPIlOy20fy/4Zvef18OiTagK/smIw+xsB3crIwLmoZ4MY4wzAfEuH1FZ74QyG91cwG9hRH5s42K8ZJm+iIU89kh/sIKGfHxf600eqZVADEvNUgo4satuBXeG1jcrkAAW3kbx0IbSzPO6wv3C8/8
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
|
We just had our first user get an attestation recertification email, and when they tried to certify, they reported back an error: "etc:attribute:attestation:attestation attribute doesn't exist". The user actually wasn't an admin for the group, but got the email because the address was explicitly set in the Email addresses field. However, in my testing using a non-wheel account, being an admin for the group is not enough. When I
gave my non-wheel user admin privileges, I could reproduce the same error. The only way I could get attestation to work was to grant the user read/update on etc:attribute:attestation:attestationDef and etc:attribute:attestation:attestationValueDef. But this
is not desirable, as it now allows the user to edit attestation for any group. Am I looking at this the wrong way? Thanks! -Chad |
- [grouper-users] Non-wheel privileges for attestation access, Redman, Chad, 06/28/2017
Archive powered by MHonArc 2.6.19.