Menu
▾
▴
Re: [Unity-idm-discuss] Group administrator role
|
From: Sander A. <sa....@fz...> - 2020-08-12 05:12:41
|
Dear Krzysztof, at the moment we delegated (via UpMan) the management of /ABC. If we create further subgroups /ABC/DEF and ABC/GHI (via UpMan) and set user2 as admin in /ABC/DEF as admin (via UpMan), user2 is also admin in /ABC and /ABC/GHI. I had a look in our email exchange and we did not defined it in this way. We just defined that it should be possible to add additional administrators. What was the planned design during the implementation? Cheers, Sander On Tue, 2020-08-11 at 20:37 +0200, Krzysztof Benedyczak wrote: > Sander, > > W dniu 11.08.2020 o 09:39, Sander Apweiler pisze: > > Dear Krzysztof, > > we encountered an issue with the group administrator role. If I > > remember correctly we did not cover the case where we have > > dedicated > > managers for subgroups. At the moment the group administrator is > > administrators of all subgroups and the maingroup itself. > > > > We have now reqeusts for the groupmanagement where multiple > > subgroups > > are managed by dedicated people but they should not have the > > administrator privileges in upper groups. > > > > E.g. > > user1 is admin of /ABC and everything below. > > user2 is admin of /ABC/DEF and everything below but not of /ABC and > > /ABC/GHI > > user3 is admin of /ABC/GHI and everything below but not of /ABC and > > /ABC/DEF > > > > Is it possible to adopt the group administrator role in the way > > that it > > is only granted downwards in the tree and not upwards? > > Upman was supposed to address exactly this use case. E.g. /ABC/DEF > should be delegated (UpMan enabled) and user2 be project's admin. > Then > it will have management capabilities also in /ABC/DEF/whatever but > not > in say /ABC or /ABC/GHI. > > If you want some more "management capabilities" then extending upman > is > the way to proceed. > > Best, > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ---------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
