Details
- Bug
- Resolution: Unresolved
- Minor
- RHEL6 Linux, Grouper v2.2
Description
My goal is to have a folder, "app", that contains a subfolder, "etc", with 2 groups, "admins" and "viewers". Members of "admins" should be able to create groups and folders under "app", add/remove members, etc. Members of "viewers" should only be able to view memberships and privs on groups under "app".
I am using the `inheritGroupPrivileges` rules for both of the groups on the "app" stem, as well as the "normalizeInheritedPermissions" rule on the "app" stem. It seems to work like I expect in simple scenarios.
Instead of adding members directly to the "admins" and "viewers" groups, I added groups to them. For example, my account is in group "foo" and I add "foo" to "admins".
When I create a new group in "app", "admins" and "viewers" have the proper permissions, but "foo" is also a direct member, which I did not expect.
I'm not sure why it appears, but I suspect it has something to do with how the "normalizeInheritedPermissions" rule works.