ArcGIS API Bug in user groups property?

Hi Simon - its actually the reverse situation.  Some of my organisations members are in groups that belong to other organisations i.e groups that have been shared with our org.  Because they belong to someone elses's AGOL and my org is not admin of that group I (quite rightly) can't read the permissions of the group - however I also can't even read the groups in my org that user is a member of.  Because the users groups property is returned from the API as a list - the whole list is locked out because one group is not authorized to the users home organisation admin.  If you try to execute your code on a user that is a member of another orgs group it will fail as soon as g.title is retrieved.

I'm not sure if its a bug per se but an over simplification of the security model into python objects.  So now the only way I can get a users groups is to list the group memberships and then link that back to the user list.  Which is just a bit frustrating since its just more work around rather than a clean solution.

I just did a quick test, there was no issue.

I happen to have access to two AGOL organisations, let's say gis1 and gis2.

In gis1 I set up an account simoxu_user, and in gis2 I created a group called "Just a test" and invited simoxu_user to this group. now I am set up to do the test.

In gis1:

# the title of the shared group from gis2 org
test_g_n = 'Just a  test'

simoxu_user = gis1.users.get('simoxu_user')
list1 = [g.title for g in simoxu_user.groups]

# list all the groups that in gis1 org
org_groups = gis1.groups.search()
list2 = [g.title for g in org_groups]

# you can print list1 and list2 to visually check and compare, or use the following code if there lots of groups in the AGOL org.
 
if test_g_n in list2:
    print(f"\'{test_g_n}\' is an internal group in the AGOL Org")
else:
    print(f"\'{test_g_n}\' is an external group in the AGOL org")
    if test_g_n in list1:
        print('It can be listed for the user that the group is being shared with')
    else:
        print("It cannot be listed for the user")‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

The result should be:

'Just a  test' is an external group in the AGOL org It can be listed for the user that the group is being shared with

It works for me at least. So I would suggest to contact an ESRI support to have a closer from the backstage if possible.

Thanks Simo - that narrows down a different org is fine.  I think the issue is that (in your example) I (as admin of gis1) have do not have membership of gis2 org or edit permissions (actually not membership either) of gis2's group "Just a test".  I wonder if you remove yourself from "just a test" or from gis2 entirely whether you could still execute that code?

Hi Mike, I don't have a shared accounts (named user) in two AGOL organisations, I don't feel it's possible since the username has to be unique in AGOL. As a person, I have membership in both orgs, but from the authorization point of view, I have two named users (registered using different email accounts to keep them completely separate) in AGOL, they should not be linked, and they should not authorize each other automatically...

I know it does not explain what your are experiencing, hope ESRI technician can have a look at your problem, and get the mystery solved. Good luck

Thanks for testing Simo.  I think I'll have to see what ESRI has to say.  My situation is I have users in gis 1 that have been invited to work on projects in other organisations (e.g. gis2) using their gis1 account.  It works great and really is a big step forward in collaboration workflows - I've found it really useful.  Its just that I've found that scripting reports on groups and permissions etc its now a bit more complicated.  I see if ESRI has a better way.