Subject: Grouper Users - Open Discussion List
[grouper-users] Using one group for different purposes
- From: David Millar <>
- To: "" <>
- Subject: [grouper-users] Using one group for different purposes
- Date: Mon, 26 Aug 2013 15:28:13 +0000
- Accept-language: en-US
When one group serves multiple purposes, are there best practices to
minimize the likelihood that a group administrator makes bad
assumptions about the policy for group membership?
Say that TA #1 creates a group to manage a class mailing list, and the
class policy is that both registered students as well as those auditing
the class may be subscribed to the mailing list.
Then, say that another TA for that class, TA #2 sees that group, and
decides to use it for access control in Active Directory for class
Let's say that class policy is that only registered students may access
domain resources, and TA #2 does not realize that the group TA #1
created is too inclusive for her purposes.
What is the best way to maximize the odds that TA #2 will understand
that TA #1 includes auditors, and takes appropriate steps to exclude
them from her group?
Is it primarily a matter of user education? Or is this best achieved
through group naming or group description standards? Is there any more
systematic way to try to make this happen (like a field in a group called
[To be clear: I'm not asking how to create two different groups. I can see
how we could simply use an attribute like 'IsRegistered' for this purpose.
Rather, I'm asking how to minimize the likelihood that someone makes bad
assumptions about how group membership is determined.]
Thanks in advance,
Principal Security Analyst
- [grouper-users] Using one group for different purposes, David Millar, 08/26/2013
- Re: [grouper-users] Using one group for different purposes, Jim Fox, 08/26/2013
- Re: [grouper-users] Using one group for different purposes, David Langenberg, 08/26/2013
Archive powered by MHonArc 2.6.16.