Channel: Microsoft Identity Manager forum

Allow assistants to request group membership on behalf of other users


Hi,

I have a requirement whereby a user's assistant (and only their assistant) can request group membership for that user on their behalf. For example, if UserA has an assistant called UserB, then UserB should be able to request membership to any group on behalf of UserA (by adding them to the ExplicitMember attribute in the group).

To do this, I created an MPR and selected the Requestor as "Relative To Resource", and the value I supplied in there was "Assistant". It grants permission to Add a value to multivalued attribute, with the target set of "All Groups", with permissions to All Attributes (just to keep things simple for now). To keep things simple for now, I'm not covering Owner approval groups; these are open groups I'm experimenting with. Finally, I also disabled the inbuilt MPR "Group management workflow: Validate requestor on add member to open group" so that it doesn't try and authorize the requestor.

Now, when I log in as UserB and open any Security Group, the "Members to Add" field is not writeable, which means that my MPR didn't get triggered. If I change the MPR from Assistant to the set of "All People" as requestors, then this works fine.

My question then is, why is the MPR not getting triggered? The other idea I had in mind was to make a set of all Assistants and grant that set the rights, but I don't know of a way of making a set of all assistants.

Thanks in advance



