Terminology in the Grouper User Interface
The below table breaks terminology into categories and shows the old terms (used prior to v 1.3), the current terms and a description.
Category |
Old Term (prior to Grouper 1.3) |
Current Term |
Definition/Description |
||
---|---|---|---|---|---|
UI Labels |
Privilegees |
Enities With Privileges |
|
||
|
Subject |
Entity |
An entity is an abstract item which may be a member of a group. |
||
|
is a direct privilegee |
has direct privileges |
as a member of the group |
||
|
is a indirect privilegee |
has indirect privileges |
within a group that is a member of the group |
||
|
Extension |
ID |
An internal name describing this group that is generally not exposed to the user. This name cannot be changed after it is edited |
||
|
Name |
ID Path |
An internal concatenation of the hierarchy to this group that is generally not exposed to the user |
||
|
Display extension |
Name |
The group name that is displayed when browsing or searching |
||
|
Display name |
Path |
The path is the concatenation of the hierarchy (folders and groups) that lead to the unique location of this group |
||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="617eff78-056b-4e08-a899-647d97728e80"><ac:plain-text-body><![CDATA[ |
Hierarchy |
stem [conceptual] |
Folder |
a fundamental unit (container) of the hierarchy that can have a parent (folder or 'root') or children (folders or groups) |
]]></ac:plain-text-body></ac:structured-macro> |
|
group |
group |
a type of entity made up of members |
||
|
Manage Stem |
Manage Folder |
This is where you can create or edit the folders within the hierarchy or add groups to the hierarchy |
||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cfb21b78-6288-468d-ae5c-3ca17b909c8f"><ac:plain-text-body><![CDATA[ |
Hierarchy Priv |
stem [privilege] |
Create Folder |
the ability to create children folders or branches in the hierarchy |
]]></ac:plain-text-body></ac:structured-macro> |
|
Create |
Create Group |
Add or create the name for a new group at this folder (location) in the hierarchy however the entity that creates a group is given Admin rights to the group by default. |
||
|
Stem privilege |
Creation Privileges |
a hierarchy Is made up of folders. The folder subfolder relationship define the path through the hierarchy |
||
Navigation |
saved subjects |
Entity Workspace |
a session specific area where you can store groups that you will need to create compound groups, etc |
||
|
Saved groups |
Group Workspace |
a session specific area where you can store groups that you will need to create compound groups, etc |
||
|
Search subjects |
Search |
|
||
Administrative |
grouperAll |
EveryEntity |
Default group privileges that are inherited upon group creation |
||
|
GrouperSystem |
GrouperSysAdmin |
the highest level administrative user of the system |
||
|
WheelGroup |
SysadminGroup |
all people in this group have full system admin privileges |
||
Group Priv |
Admin |
Admin |
Entity (typically group or person) may modify the membership of this group, delete the group or assign privileges for the group |
||
|
Member |
Member |
Any entity (typically group or person) that is a part of this group |
||
|
Optin |
Optin |
Entity (typically group or person) may choose to join this group |
||
|
Optout |
Optout |
Entity (typically group or person) may choose to leave this group |
||
|
Read |
Read |
Entity (typically group or person) may see the membership list for this group |
||
|
Update |
Update |
Entity (typically group or person) may modify the membership of this group |
||
|
View |
View |
Entity (typically group or person) may see that this group exists |
Below are Grouper concepts described/translated using the UI terminology of version v1.3 and above.
TERM |
DEFINITION |
---|---|
Access Privileges |
Privileges that determine what a Entity can do with a Group. They are:
|
Attribute |
A single-valued string associated with a Group or a Folder. By default, Grouper supports six attributes (one of two kinds of Field):
|
Composite Group |
A Group whose Membershipis determined by combining the membership lists of two other groups, without listing its members explicitly. These two groups are called itsFactor Groups. Three methods of combining the factor groups' memberships are supported:
|
Direct Membership |
An entity that is listed in the Membership list of a Group has a direct membership in the group. Also see Indirect Membership. |
Factor Group |
A Group in combination (union, intersection, or relative complement) with that of another factor group, which defines the membership of a resulting Composite Group. |
Field |
Either an Attribute or a List. Grouper groups are a collection of attributes and lists, i.e., a collection of fields. The set of fields attached to a given group is a function of the set of Group Types it has been assigned. |
Group |
A list of Subjects having Membership in the group, together with other attributes about the group. A list can have zero or more entries. In Grouper, a list contains only entity references, and an attribute is a single-valued string. A group must be created in an existing Folder. If a group is made a member, i.e., a Subgroup, of another group, the members of the group will also be made members. By default, a Grouper group has:
|
Group Math |
Any combination of groups for the purpose of creating another group based on the memberships of those groups. See Composite Group. |
Indirect Membership |
An Entity that is a member of a Subgroup of a Group, or a member of a Factor Group that contributes positively to a group's membership, has an indirect membership in the group. Also see Direct Membership. |
List |
A multi-valued list of Entity references, (one of two kinds of Field). The direct members of a group are the values of the group's members list. Lists are also used to identify which entities have which Creation or Access Privileges. Sites can extend a group type to include custom lists; however, their semantics are external to Grouper. See Group. |
Member |
Any Entity in the membership list of at least one group. Also, a Member of a Group is any Entity with a Direct or Indirect Membership in the Group. |
Membership |
The direct-only, indirect-only, or direct plus indirect members of a Group. A specific variety of membership is determined by context or configuration, i.e., the default User Interface allows the user to select among these three types of membership where appropriate. |
Creation Privileges |
These privileges determine what an Entity can do with a Folder. They are:
|
Path |
A string that precedes the Group's name. By linking the ability to create groups to a specified folder (via the Creation privilege), the possibility that different groups can be given the same name is substantially reduced, and the name of each group can be made to reflect something about the authority under which it was created. |
|
|
Subgroup |
A Group that is a Direct Member of another group. |
Entity |
An abstraction of any object whose Memberships are to be managed by Grouper. Most Grouper deployments will manage entities that represent people and groups, but computers, accounts, services, or any other type of object maintained in a back-end identity store may be presented as an entity to Grouper by use of the Subject API. |
Type |
There are two distinct uses for this term in Grouper.
|
Examples
Step 1: Create a Root Folder
In the example below, a root Folder is first created. Note: creating a folder is required prior to the creation of any groups.
Folder uofc
attribute |
value |
---|---|
folder |
empty |
ID |
uofc |
name |
The University Of Chicago |
ID path |
uofc |
path |
The University Of Chicago |
Step 2: Create a Group
Next, a group may be created using the "uofc" naming stem.
Group uofc:exec_council
attribute |
value |
---|---|
folder |
uofc |
ID |
exec_council |
name |
Executive Council |
ID path |
uofc:exec_council |
path |
The University of Chicago:Executive Council |
Step 3: Create a Subordinate Folder and Group
Folder ID and Path values propagate down through subordinate floders, e.g the Biological Sciences Division within U of C:
Folder uofc:bsd
attribute |
value |
---|---|
folder |
uofc |
ID |
bsd |
name |
Biological Sciences Division |
ID path |
uofc:bsd |
path |
The University Of Chicago:Biological Sciences Division |
Again, a group is created, e.g., the Enterprise Information Systems staff, with the above folder, and is displayed as follows:
Group uofc:bsd:eis_staff
attribute |
value |
---|---|
folder |
uofc:bsd |
ID |
eis_staff |
name |
Enterprise Information Systems staff |
ID path |
uofc:bsd:eis_staff |
path |
The University Of Chicago:Biological Sciences Division:Enterprise Information Systems staff |