Introduction To Groups Toolkit

Grouper is a system for creating and maintaining institutional groups in a central repository. Such groups may be used for many different purposes, e.g. for mailing lists, for determining which set of people are allowed to access specific web applications, or for sharing resources. The goal is to create a group once, but use it as often as necessary in as wide a range of systems as possible.

In order to use Grouper effectively you must first understand some key concepts:

Group
A group represents a collection of 'items' or entities which are themselves considered to be members of the group.
Entity
An entity is an abstraction for any 'item' which may be a member of a group. An entity has a 'type', e.g. person or group. Specifying that group B is a member of group A means that all members of group B are also members of group A. In the future, other entity types may be available to define computers or applications.
Membership
A specific relationship between an entity and a group.
Folder
A folder is a name space or container in which groups exist. Folders are hierarchical and may contain subfolders or groups. Folders can be used to collect together related groups and provide a means of controlling access to groups. Some examples of folders are:
  • uc:faculties:artf:fren = University of Chicago > Faculties > Arts Faculty > Department of French
  • uc:personal:[cnetid] = University of Chicago > Personal groups > [name]
In this web application, groups and folders are distinguished by the addition of square brackets [] around group names.
Privileges
Grouper provides fine control over who can create folders and groups, who can change the membership of a group, and who can grant privileges for specific folders or groups to others. In fact, privileges are granted to entities. By granting a privilege to an entity which is a group, all members of that group are granted the privilege (for as long as they are a member of the group).

EveryEntity is a special internal entity. Any privilege granted to EveryEntity is, in effect, granted to all entities.

GrouperSysAdmin is also a special internal entity which has implicit admin privileges for folders and groups.

A SysAdmin group, if defined, conveys implicit GrouperSysAdmin privileges to its members. Members of this group, by default, act as themselves with privileges limited to those assigned to them. This UI allows SysAdmin group members to opt to Act as admin.

Creation privileges
Create Group
Entity may create groups in this folder
Create Folder
Entity may create subfolders in this folder

Group privileges
Member
Entity is a member of this group
Optin
Entity may elect to join this group
Optout
Entity may elect to leave this group
View
Entity may see that this group exists
Read
Entity may see the membership list for this group
Update
Entity may modify the membership of this group
Admin
Entity may modify the membership of this group, delete the group or assign privileges for the group
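
The following is an added example, not Grouper's own code or API: a small Python model of the rules in the Entity and Privileges definitions above (a group as a member brings its members along, a privilege granted to a group lasts only as long as the membership, and EveryEntity reaches all entities). The Registry class, its methods, and the group and person names are hypothetical.

```python
# Added illustration: a toy model of the semantics described above, not Grouper's API.
EVERY_ENTITY = "EveryEntity"  # special internal entity named on this page

class Registry:
    def __init__(self):
        self.members = {}  # group -> set of direct member entities (people or groups)
        self.grants = {}   # (group, privilege) -> set of entities holding the grant

    def add_member(self, group, entity):
        self.members.setdefault(group, set()).add(entity)

    def remove_member(self, group, entity):
        self.members.get(group, set()).discard(entity)

    def grant(self, group, privilege, entity):
        self.grants.setdefault((group, privilege), set()).add(entity)

    def effective_members(self, group, _seen=None):
        """Direct members plus everyone reachable through member groups."""
        seen = set() if _seen is None else _seen
        if group in seen:  # membership loop: stop instead of recursing forever
            return set()
        seen.add(group)
        found = set()
        for entity in self.members.get(group, ()):
            found.add(entity)
            if entity in self.members:  # the member is itself a group
                found |= self.effective_members(entity, seen)
        return found

    def has_privilege(self, entity, group, privilege):
        grantees = self.grants.get((group, privilege), set())
        if EVERY_ENTITY in grantees or entity in grantees:
            return True
        # A grant to a group reaches whoever is in that group right now.
        return any(entity in self.effective_members(g) for g in grantees)

def build_sample():
    """Constructed sample data; group and person names are hypothetical."""
    reg = Registry()
    reg.add_member("uc:artf:fren:staff", "alice")
    reg.add_member("uc:artf:all", "uc:artf:fren:staff")  # a group as a member
    reg.add_member("uc:artf:all", "bob")
    reg.grant("uc:artf:all", "read", "uc:artf:fren:staff")
    reg.grant("uc:artf:all", "view", EVERY_ENTITY)
    return reg
```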