Grouper Users - Open Discussion List

[Jutta Biernath <>]

Hello,

I have recently introduced a group attribute via AttributeFramework which is
now already assignd to several groups. As long as a wheel group member works
with it, everything works fine. 

There are also users that have to be able to assign and handle this attribute
themselves without being member of the wheel group. For them I have edited the
group mask in the NewUI so that the can assign it if they want.  Also this
works - as long as a wheel group member does it.

For making sure that the named users can handle that too I have made them
admins of the group as well as admins of the attribute. I.e. I have given them
ALL privileges I could, at least via NewUI and LiteUI.

Now the problem: If one of the other users tries to assign this attribute via
NewUI he gets the message "Insufficient privileges". Checking the log files of
the web application I find: 

"Insufficient privilege exception for group create: 'xxx'/'person'/'xxx'
edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException:
Subject Subject id: xx, sourceId: xxx cannot groupAttrRead"

I have understood that the privilege "groupAttrRead" came along with the
upgrade to Grouper 2.2, but there seems to be no way to assign this privilege
anywhere in the UIs. In the source code I found it in AccessPrivilege.java;
can you please give me an example of how to handle that? Is it planned to
include it in one of the UIs?


Thank you,

Jutta Biernath
FU Berlin