none
Allow assistants to request group membership on behalf of other users RRS feed

  • Question

  • Hi,

    I have a requirement whereby a user's assistant (and only their assistant) can request group membership for that user on their behalf. For example, if UserA has an assistant called UserB, then UserB should be able to request membership to any group on behalf of UserA (by adding them to the ExplicitMember attribute in the group)

    To do this, I created an MPR and selected the Requestor as "Relative To Resource", and the value I supplied in there was "Assistant". It grants permission to Add a value to multivalued attribute, with the target set of "All Groups", with permissions to All Attributes (just to keep things simple for now). To keep things simple for now, I'm not covering Owner approval groups, these are open groups I'm experimenting with. finally, I also disabled the inbuilt MPR "Group management workflow: Validate requestor on add member to open group" so that it doesn't try and authorize the requestor.

    Now, when I login as UserB and open any Security Group, the "Members to Add" field is not writeable, which means that my MPR didn't get triggered. If I change the MPR from Assistant to the set of "All People" as requestors, then this works fine.

    My question then is, why is the MPR not getting triggered? The other idea I had in mind was to make a set of all Assistants and grant that set the rights, but I dont know of a way of making a set of all assistants.

    Thanks in advance



    • Edited by kmittal82 Thursday, August 14, 2014 2:12 PM
    Thursday, August 14, 2014 2:07 PM

Answers

  • The "relative to resource" setting applies to the object being edited, which in this case is the group.

    This means that if you had a *group* with an attribute "Assistant" whose value is UserB, UserB would be able to edit members of that group...

    As far as I know there is no out of the box solution for this. What were you doing in the custom workflow you mention?


    Paolo Tedesco - http://cern.ch/idm

    • Marked as answer by kmittal82 Tuesday, September 2, 2014 8:39 AM
    Monday, September 1, 2014 11:30 AM

All replies