Skip to Content.
Sympa Menu

grouper-users - RE: Example Groups

Subject: Grouper Users - Open Discussion List

List archive

RE: Example Groups

Chronological Thread 
  • From: Richard James <>
  • To: "'Imholz, John J.'" <>, "''" <>
  • Subject: RE: Example Groups
  • Date: Tue, 18 May 2010 14:37:25 +0100
  • Accept-language: en-US, en-GB
  • Acceptlanguage: en-US, en-GB


With reference to the structuring of groups within Grouper, we at Newcastle
University, structure our groups into 3 main stems.

"Corporate Data" - this is where we load in Corporate data. These structures
are non-editable and are loaded in with either the use of the Grouper Loader
or other data integration tools such as Talend. All users of Grouper have
read only access to these groups.

This stem allows us to represent key Institutional data from the University's
HR systems, for example
* Organisational Structure
* Mapping students to their modules
* Mapping module leaders/lecturers/contributors to their modules

We are always investigating which Institutional data to represent within
Grouper, and have came across scenarios where we did not believe it was
worthwhile. As part of a new room booking system, we decided against creating
a structure of mapping staff members to the buildings/rooms where they
reside, instead we have approached this differently with the use of user
created groups. By making this institutional data available we are able to
provide administrators of systems more flexibility to delegate access to
applications, whilst removing some administrative burden by providing
pre-populated groups.

"User Groups" - this area is for groups of users or departments to create
their own group structure. By default a new stem is set up for the user where
they are provided with privileges to create groups/stems within that working
area. They are able to then delegate privileges to other users to administer
their created groups. They are able to assign memberships on a individual
basis or more ideally make use of the groups within the Corporate Data stem.

This stem is particularly important for representing groups of users which
are not represented within our HR systems. For example we do not have a data
feed available which says who the members of a particular research group are,
and similarly with University societies. In these cases user managed groups
can be created with the members of these lists being manually administered,
and then subsequently used to provide access control to applications
represented within the "Applications" stem.

"Applications" - Groups within this stem make use of the groups created in
the preceding stems to delegate access to different systems. They provide
access lists for applications and resources such as our wiki service, site
manager etc. An example for this would be with wikis, we are able to provide
access to all of Computing Science by using source group from Org_Structure,
and also a research group created and managed within the user group stem.

The above structure has provided a good starting point for us to allow
delegation of access control with a combination of pre-loaded and user
managed groups, yet it is something we are always monitoring to see if we can
improve it. We are currently working on a project which is interested in the
structuring of groups to enable more effective delegation of access control.
As part of this we have made available a couple of use case documents which
discuss how we have approached some scenarios, with relevance to how we have
structured our access groups and made use of the above core stems. They can
be found on our project website at, we'll be
adding more over the coming months as further use cases are indentified.

Regards to LDAP, we don't currently provision our groups into LDAP, but this
is something we are hoping to be able to do as part of the GRAND project.

I hope the above is of some help to you, and provides a good starting point
for planning the structuring of your groups.


Richard James
ISS Middleware Team
Newcastle University

>-----Original Message-----
>From: Imholz, John J.
>Sent: 18 May 2010 12:51
>Subject: [grouper-users] Example Groups
>We're just getting started with Grouper here. We've had a server up and
>running a few weeks, and we've actually loaded some groups with loader.
>What I'm looking for is more examples of how different institutions are
>coming up with their group structure, names and lessons learned (maybe
>I'm making this harder than I need to.)
>The second request would be for some more examples of groups with
>entitlement strings (how they look in both Grouper and LDIF)
>Does anyone consider this sensitive info?

Archive powered by MHonArc 2.6.16.

Top of Page