Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] composite groups - adhoc combined with official groups

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] composite groups - adhoc combined with official groups

Chronological Thread 
  • From: Steven Carmody <>
  • To:
  • Subject: Re: [grouper-users] composite groups - adhoc combined with official groups
  • Date: Thu, 10 Sep 2015 09:59:55 -0400

Hi Jeff,

This approach will work when there's a major role change (eg a person is no longer a student). Actually -- when a student becomes an alumn, does Berkeley keep their account open, and treat that as a Role change ? Might there be situations where the person would not want to be dropped from an adhoc group when that transition occurs ?

My bigger question, tho, is that we can imagine lots of "smaller" changes in a person's relationship with the campus that could affect membership in adhoc groups (eg a staff member moving from one dept to another; a student employee ending a student job, etc).

Would your plan also be able to act on these changes ?

On 9/9/15 6:36 PM, Jeff McCullough wrote:

We are planning to utilize composite groups as a way of
de-provisioning access when a person leaves a role, ex. employee,
student. That means that an adhoc group will be intersected with an
official group of employees. The adhoc group will be known to whomever
is creating the composite group, but they may not need to have access to
the membership of employees or students. Thus all they really need to
have for access to the official group is view. The composite group UI
currently requires read/view access to both groups used. I can imagine
the UI could be tweaked such that only view access was needed for the
official group. And yes, one could reverse engineer whether someone is
part of an official group by creating a composite group. That said, it
would be best to keep the access to official groups to a minimum. How
are other schools handling composite groups? Is there any desire to
create a modified UI to allow for view only access to one of the groups?


Archive powered by MHonArc 2.6.16.

Top of Page