On delete group, SAM error message, reported in Terra, is misleading about group in group

[mbookman]

Reproducible test case:

In Terra:

1. Create a group: deleteable-test-group
2. Create a workspace: deleteable-workspace
3. Share deleteable-workspace with deleteable-test-group as Readers
4. Try to delete the group deleteable-test-group

You will get an error message here:

Error deleting group
Error 409: group deleteable-test-group cannot be deleted because it is a member of
at least 1 other group
Source: sam

The error message here may be accurate from a SAM perspective, but in the Terra UI it is a little confusing. In the example above, the user group created is NOT a member of another group; it is a member of a workspace.

Not sure if SAM can provide a better error message:

Error 409: group deleteable-test-group cannot be deleted because it is a member of
at least 1 other group, workspace, or billing project

or

Error 409: group deleteable-test-group cannot be deleted because it is a member of:

workspace: deleteable-workspace

or something to that effect. Not sure if in all cases providing the specific named workspace, billing account, authorization domain would be information leakage. As Admin of the group, would someone else's use of the group prevent me from deleting the group? How would I chase down the user(s) of the group so that I could clean it up?

[melissachang]

+1, it would be nice if error said what group/resource deleteable-test-group is in. I think the only way to find out is to run sql against SAM db.