Feature #16571

Updated by Peter Amstutz 7 months ago

Customer has curators who are not admins who need to share data they manage with other groups. They need to be able to see those groups to select them without being able to see the other group's contents.

It already works this way for Users (you can see a user without gaining access to the things the user owns) but there isn't a way to achieve this behavior for groups

Some ideas:

* Workaround: create a fake user, grant can_manage, people share with the fake user

* New group_class that has the desired behavior
* "view" permission with new semantics (can view group record but follow any of its links)
* permission links specify separate permission levels for record and traversal: can read/write/manage record, can gain read/write/manage by traversing record
* "can_use_permissions" and "can_list_members" with new semantics #15372