I have a system, where the data governed by (A)AD groups. How do I create personal user sandboxes that the user can grant permission to to another user, only if that user that has access to the originating data?
I can hear myself that this sounds a bit obscure, so I will demonstrate with an example:
We have three users: user_1, user_2 and user_3
We have two ad groups: group_a and group_b
We have two tables: tabel_a and table_b
user_1 and user_2 are in group_a with access to table_a. user_3 is in group_b with access to table_b. user_1 creates a new table, table_a1, from table_a. I want user_1 to be able to grant permission to table_a1 to user_2, but to user_3.
Is this possible? How do I set it up, if so?
