On Thu, Jun 8, 2017 at 3:01 PM, Karl Fiabeschi <[hidden email]> wrote:
> 2017-06-08 23:48 GMT+02:00 Mike Jumper <[hidden email]>:
>> Only the creator of a group (or the administrator) will be able to create
>> or delete connections therein.
> As design choice?
When a user creates an object (whether that be a connection,
connection group, or other user), the database authentication
automatically grants that user READ, UPDATE, DELETE, and ADMINISTER
permission on that object. When you explicitly grant permission for
connection or connection group by checking the box next to it in the
admin UI, you are actually only granting READ permission.
The CREATE_CONNECTION, CREATE_CONNECTION_GROUP, etc. permissions
control the ability to create such objects, but whether that object
can be created within an existing connection group depends also on the
permissions granted for that group. The only exception here is a user
with system-level ADMINISTER permission, as that permission implies