Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-1575

Attestation view/approve inaccessible for non-wheel users

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 2.3.0.patch
    • UI
    • None

    Description

      From: Redman, Chad
      Sent: Wednesday, June 28, 2017 11:44 AM
      To: grouper-users@internet2.edu
      Subject: Non-wheel privileges for attestation access

      We just had our first user get an attestation recertification email, and when they tried to certify, they reported back an error: "etc:attribute:attestation:attestation attribute doesn't exist".

      The user actually wasn't an admin for the group, but got the email because the address was explicitly set in the Email addresses field. However, in my testing using a non-wheel account, being an admin for the group is not enough. When I gave my non-wheel user admin privileges, I could reproduce the same error. The only way I could get attestation to work was to grant the user read/update on etc:attribute:attestation:attestationDef and etc:attribute:attestation:attestationValueDef. But this is not desirable, as it now allows the user to edit attestation for any group.

      Am I looking at this the wrong way?

      Thanks!
      -Chad

      Attachments

        Activity

          People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            chad.redman@at.internet2.edu Chad Redman (unc.edu)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: