Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] FERPA Suppression of user entries

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] FERPA Suppression of user entries

Chronological Thread 
  • From: Tom Barton <>
  • To: Thomas M Goerger <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] FERPA Suppression of user entries
  • Date: Tue, 02 Dec 2008 09:11:14 -0600


Looking back at the earlier thread, it seems you were concerned not just with FERPA, but a more general situation in which a Subject is marked as being "suppressed" and users need clearance to be able to view their personal information. It wasn't specific to grouper, except that grouper provides yet another way that personal info of suppressed Subjects might be viewed.

You also said that you want suppressed Subjects to be able to be added to or removed from groups by an uncleared user.

It sounds as though, if there were VIEW and READ for Subjects (not Groups), you'd want to restrict READ on suppressed Subjects to cleared users, but let everyone have VIEW, so that even suppressed Subjects can be referred to. Evidently there would be at least some identifiable info about even suppressed Subjects that could be used to manage their memberships by uncleared users, while other Subject info would only be disclosed to a user with READ for that Subject.

Before delving into how to meet such requirements, can you confirm or clarify whether this description describes your needs?


Chris Hyzer wrote:
We have been considering this issue, not sure if it is being slated
for 1.5 or not...

I understand that we don't want just everyone to see that the
subjectId or name of a student is in a certain group, but Im unsure
how it would work...

Do you have a vision for how you would answer these questions?

1. Remind me again the use case, why would you give someone list
access to a group where seeing the partial list would help them...
why not only give list access to people who are allowed? Maybe
grouper should default to not give read/list access to anything...
isn't that a more natural fit for universities? Or am I just
paranoid? :)

2. How do you designate that a group is ferpa protected, or are all

3. How do you designate which subjects are ferpa protected (subject

4. How do you designate who is allowed to see the student data (is it
global, e.g. user must be in etc:ferpaLister group)? Or is it local
to a group, e.g. we need a new privilege like ferpaList, and any user
assigned to that can list all members).

5. On the UI or WS, the subject would be displayed as: <private> or
some label, right?

6. What about LDAP, how would some people be able to see the data and
some not?

7. Does this apply to the subject finder where you search for people
(e.g. to add to group) and you don't see everyone's name / subjectId
unless you are allowed to see students?

Thanks, Chris

-----Original Message----- From: Thomas M Goerger
[mailto:] Sent: Wednesday, November 26, 2008 12:32 PM To: Subject: [grouper-users] FERPA
Suppression of user entries


Awhile back I had written to ask about suppression of user
information in the Grouper display for FERPA requirements. I
haven't heard anything back about that in awhile, and was wondering
if there were any updates that I could get. If it helps, I can
send some of the discussion back to the list, if there's any need
of a memory refresher.


** * Tom Goerger - Email/Unix System Administrator * * * *
University of Minnesota Email: * * Operations, Infrastructure and Architecture Phone: 4-5804 * *
Internet Services Office: 626J WBOB * * * ***********************************************************************

  • Re: [grouper-users] FERPA Suppression of user entries, Tom Barton, 12/02/2008

Archive powered by MHonArc 2.6.16.

Top of Page