Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-3897

User having read/update on a group should be able to see group names that are members even without view privilege on them

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Minor
    • None
    • 2.6.8
    • API, UI
    • None

    Description

      If a user has READ + UPDATE on a group, and a group is a member of that group, but the user doesn't have READ or VIEW on that member group, they can see the members of that group indirectly, but not the group name itself.
       

      In the screenshot above, a user needs to attest the group, but can only see the indirect members, not the direct group member. They can't determine whether that group is appropriate in order to attest to it.

      Should it be assumed that if a user has read and update on a group, they should be able to see the names of member groups? This would probably affect the API and WS as well, not just the UI. The current behavior also affects visualization, where it shows the group having members, but doesn't include the source group that is the source of those members.

      Attachments

        Activity

          People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            chad.redman@at.internet2.edu Chad Redman (unc.edu)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: