Investigate optionally ignoring membership inheritance for subgroups
The implementation of this will be covered in #33534 (closed) after the discovery is complete.
Problem to solve
Currently, subgroups inherit in total the members from the parent group.
While it is possible to override the members access on subgroups (for example, give master access to someone on a subgroup who has developer on the parent group), it is not possible at the moment to remove access to members on subgroups (for example, in a confidential private group, allow only members from the parent group who have some admin status to see and enter the subgroup.
Intended users
Sidney (Systems Administrator)
Constraints
- A "secret" group with no membership inheritance can't have subgroups. For example:
- Top-level group
- Subgroup A (inheritance, further nesting allowed)
- Sub-subgroup B (inheritance, further nesting allowed)
- Secret subgroup A (no inheritance, no further subgroups allowed)
- Secret subgroup B (no inheritance, no further subgroups allowed)
- Subgroup A (inheritance, further nesting allowed)
That would handle situations like #30785 (comment 215856222).
- Owners can always get inherited. If we toggle membership inheritance, there's a chance we leave Owners behind and could have a weird situation of an Owner-less group. To prevent that, allow Owners to always be inherited.
- Ignore group settings that could get complicated like 2FA, as mentioned above.
- Autocomplete/search: ignore parent groups, just query for members directly in the secret subgroup.
Links / references
https://gitlab.my.salesforce.com/0016100000KvahJ EE: https://gitlab.my.salesforce.com/00161000004bZxf https://gitlab.my.salesforce.com/0016100000KvahJ