Grouper Users - Open Discussion List

[Steven Carmody <>]

Hi Jeff,

This approach will work when there's a major role change (eg a person is 
no longer a student). Actually -- when a student becomes an alumn, does 
Berkeley keep their account open, and treat that as a Role change ? 
Might there be situations where the person would not want to be dropped 
from an adhoc group when that transition occurs ?

My bigger question, tho, is that we can imagine lots of "smaller" 
changes in a person's relationship with the campus that could affect 
membership in adhoc groups (eg a staff member moving from one dept to 
another; a student employee ending a student job, etc).

Would your plan also be able to act on these changes ?

On 9/9/15 6:36 PM, Jeff McCullough wrote:
> We are planning to utilize composite groups as a way of
de-provisioning access when a person leaves a role, ex. employee,
student. That means that an adhoc group will be intersected with an
official group of employees. The adhoc group will be known to whomever
is creating the composite group, but they may not need to have access to
the membership of employees or students. Thus all they really need to
have for access to the official group is view. The composite group UI
currently requires read/view access to both groups used. I can imagine
the UI could be tweaked such that only view access was needed for the
official group. And yes, one could reverse engineer whether someone is
part of an official group by creating a composite group. That said, it
would be best to keep the access to official groups to a minimum. How
are other schools handling composite groups? Is there any desire to
create a modified UI to allow for view only access to one of the groups?
> Thanks,
> Jeff