Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Using one group for different purposes

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Using one group for different purposes

Chronological Thread 
  • From: David Millar <>
  • To: "" <>
  • Subject: [grouper-users] Using one group for different purposes
  • Date: Mon, 26 Aug 2013 15:28:13 +0000
  • Accept-language: en-US

Greetings all,

When one group serves multiple purposes, are there best practices to
minimize the likelihood that a group administrator makes bad
assumptions about the policy for group membership?

Say that TA #1 creates a group to manage a class mailing list, and the
class policy is that both registered students as well as those auditing
the class may be subscribed to the mailing list.

Then, say that another TA for that class, TA #2 sees that group, and
decides to use it for access control in Active Directory for class

Let's say that class policy is that only registered students may access
domain resources, and TA #2 does not realize that the group TA #1
created is too inclusive for her purposes.

What is the best way to maximize the odds that TA #2 will understand
that TA #1 includes auditors, and takes appropriate steps to exclude
them from her group?

Is it primarily a matter of user education? Or is this best achieved
through group naming or group description standards? Is there any more
systematic way to try to make this happen (like a field in a group called
"membership policy"?)

[To be clear: I'm not asking how to create two different groups. I can see
how we could simply use an attribute like 'IsRegistered' for this purpose.
Rather, I'm asking how to minimize the likelihood that someone makes bad
assumptions about how group membership is determined.]

Thanks in advance,
Dave Millar
Principal Security Analyst
Boston College

Archive powered by MHonArc 2.6.16.

Top of Page