Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-1575

Attestation view/approve inaccessible for non-wheel users

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.3.0.patch
    • Fix Version/s: None
    • Component/s: UI
    • Labels:
      None

      Description

      From: Redman, Chad
      Sent: Wednesday, June 28, 2017 11:44 AM
      To: grouper-users@internet2.edu
      Subject: Non-wheel privileges for attestation access

      We just had our first user get an attestation recertification email, and when they tried to certify, they reported back an error: "etc:attribute:attestation:attestation attribute doesn't exist".

      The user actually wasn't an admin for the group, but got the email because the address was explicitly set in the Email addresses field. However, in my testing using a non-wheel account, being an admin for the group is not enough. When I gave my non-wheel user admin privileges, I could reproduce the same error. The only way I could get attestation to work was to grant the user read/update on etc:attribute:attestation:attestationDef and etc:attribute:attestation:attestationValueDef. But this is not desirable, as it now allows the user to edit attestation for any group.

      Am I looking at this the wrong way?

      Thanks!
      -Chad

        Attachments

          Activity

            People

            • Assignee:
              mchyzer Chris Hyzer
              Reporter:
              cer28 Chad Redman
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: