Terminology in the Grouper User Interface

main glossary

The table below groups terminology by category and shows the old terms (used prior to v1.3), the current terms, and a description.

| Category | Old Term (prior to Grouper 1.3) | Current Term | Definition/Description |
|---|---|---|---|
| UI Labels | Privilegees | Entities With Privileges | |
| | Subject | Entity | An entity is an abstract item which may be a member of a group. The two most common types of entities are 'person' or 'group'. (In the future, additional entity types may be used to describe computers or applications.) |
| | is a direct privilegee | has direct privileges | as a member of the group |
| | is an indirect privilegee | has indirect privileges | within a group that is a member of the group |
| | Extension | ID | An internal name describing this group that is generally not exposed to the user. This name cannot be changed after it is edited |
| | Name | ID Path | An internal concatenation of the hierarchy to this group that is generally not exposed to the user |
| | Display extension | Name | The group name that is displayed when browsing or searching |
| | Display name | Path | The path is the concatenation of the hierarchy (folders and groups) that leads to the unique location of this group |
| Hierarchy | stem [conceptual] | Folder | a fundamental unit (container) of the hierarchy that can have a parent (folder or 'root') or children (folders or groups) |
| | group | group | a type of entity made up of members |
| | Manage Stem | Manage Folder | This is where you can create or edit the folders within the hierarchy or add groups to the hierarchy |
| Hierarchy Priv | stem [privilege] | Create Folder | the ability to create children folders or branches in the hierarchy |
| | Create | Create Group | Add or create the name for a new group at this folder (location) in the hierarchy; however, the entity that creates a group is given Admin rights to the group by default. This does not provide access to manage the group (add membership or edit attributes) |
| | Stem privilege | Creation Privileges | A hierarchy is made up of folders. The folder/subfolder relationships define the path through the hierarchy |
| Navigation | saved subjects | Entity Workspace | a session-specific area where you can store groups that you will need to create compound groups, etc. |
| | Saved groups | Group Workspace | a session-specific area where you can store groups that you will need to create compound groups, etc. |
| | Search subjects | Search | |
| Administrative | grouperAll | EveryEntity | Default group privileges that are inherited upon group creation |
| | GrouperSystem | GrouperSysAdmin | the highest level administrative user of the system |
| | WheelGroup | SysadminGroup | all people in this group have full system admin privileges (read more on the Wheel group) |
| Group Priv | Admin | Admin | Entity (typically group or person) may modify the membership of this group, delete the group or assign privileges for the group |
| | Member | Member | Any entity (typically group or person) that is a part of this group |
| | Optin | Optin | Entity (typically group or person) may choose to join this group |
| | Optout | Optout | Entity (typically group or person) may choose to leave this group |
| | Read | Read | Entity (typically group or person) may see the membership list for this group |
| | Update | Update | Entity (typically group or person) may modify the membership of this group |
| | View | View | Entity (typically group or person) may see that this group exists |


Below are Grouper concepts described/translated using the UI terminology of version v1.3 and above.

       TERM

DEFINITION

Access Privileges

Privileges that determine what an Entity can do with a Group. They are:

  • ADMIN - can assign access privileges and manage all group information,
  • UPDATE - can manage membership of the group (implies READ),
  • READ - can see the membership of the group (implies VIEW), and
  • VIEW - can see the group.
    In addition, a group may have options for its members to:
  • OPTIN - can add self to the membership, and
  • OPTOUT - can remove self from membership.

Attribute

A single-valued string associated with a Group or a Folder. By default, Grouper supports six attributes (one of two kinds of Field):

  • UUID - a Grouper-assigned, globally unique identifier.
  • ID - the relative name of the group or folder within its parent folder; the contribution of a single element, such as a group or a folder, to the cumulative name.
  • ID Path - used to facilitate searching for groups by name, it is a read-only string representation of the logical ordered pair of (parent folder, ID). This attribute is system-maintained. The string representation of the ID Path attribute is: <folder>:<ID>.
  • Name - a displayed form of the ID.
  • Path - used to facilitate searching for groups by the path, it is a read-only string representation of the logical ordered pair of (Path of parent folder, Name). This attribute is system-maintained. The string representation of the path attribute is: <Path of parent folder>:<name>.
  • description - a description of the group or folder.

Composite Group

A Group whose Membership is determined by combining the membership lists of two other groups, without listing its members explicitly. These two groups are called its Factor Groups. Three methods of combining the factor groups' memberships are supported:

  • union - all entities that are members of one OR the other factor group,
    e.g., Group Z = members of either Group X OR Group Y, or Z = X U Y.
  • intersection - all entities that are members of the first factor group AND the second factor group,
    e.g., Group Z = members of both Group X AND Group Y, or Z = X ∩ Y.
  • relative complement - all members of the first factor group that are NOT members of the second factor group,
    e.g., Group Z = members of Group X AND NOT Group Y, or Z = X - Y.

Direct Membership

An entity that is listed in the Membership list of a Group has a direct membership in the group. Also see Indirect Membership.

Factor Group

A Group in combination (union, intersection, or relative complement) with that of another factor group, which defines the membership of a resulting Composite Group.

Field

Either an Attribute or a List. Grouper groups are a collection of attributes and lists, i.e., a collection of fields. The set of fields attached to a given group is a function of the set of Group Types it has been assigned.

Group

A list of Subjects having Membership in the group, together with other attributes about the group. A list can have zero or more entries. In Grouper, a list contains only entity references, and an attribute is a single-valued string. A group must be created in an existing Folder. If a group is made a member, i.e., a Subgroup, of another group, the members of the group will also be made members. By default, a Grouper group has:

  • six naming Attributes,
  • a description attribute, and
  • a members list.
    This information model can be extended to include additional site-defined attributes and lists.

Group Math

Any combination of groups for the purpose of creating another group based on the memberships of those groups. See Composite Group.

Indirect Membership

An Entity that is a member of a Subgroup of a Group, or a member of a Factor Group that contributes positively to a group's membership, has an indirect membership in the group. Also see Direct Membership.

List

A multi-valued list of Entity references, (one of two kinds of Field). The direct members of a group are the values of the group's members list. Lists are also used to identify which entities have which Creation or Access Privileges. Sites can extend a group type to include custom lists; however, their semantics are external to Grouper. See Group.

Member

Any Entity in the membership list of at least one group. Also, a Member of a Group is any Entity with a Direct or Indirect Membership in the Group.

Membership

The direct-only, indirect-only, or direct plus indirect members of a Group. A specific variety of membership is determined by context or configuration, i.e., the default User Interface allows the user to select among these three types of membership where appropriate.

Creation Privileges

These privileges determine what an Entity can do with a Folder. They are:

  • CREATE GROUP - can create a group(s) named with a naming stem, and
  • CREATE FOLDER - can assign who can CREATE folders (and subfolders) in a branch of the folder hierarchy.

Path

A string that precedes the Group's name. By linking the ability to create groups to a specified folder (via the Creation privilege), the possibility that different groups can be given the same name is substantially reduced, and the name of each group can be made to reflect something about the authority under which it was created.
...see Examples below.



Subgroup

A Group that is a Direct Member of another group.

Entity

An abstraction of any object whose Memberships are to be managed by Grouper. Most Grouper deployments will manage entities that represent people and groups, but computers, accounts, services, or any other type of object maintained in a back-end identity store may be presented as an entity to Grouper by use of the Subject API.

Type

There are two distinct uses for this term in Grouper.

  • Group Type - each Group has one or more group types associated with it. The Grouper distribution contains support for a single group type called "base", but sites may register additional types, together with the attributes and lists associated with them, within their Grouper installation. Doing so enables management of groups with a richer information model or a more diverse set of information models.
  • Entity Type - the Subject API v0.2.1 that Grouper 1.3 relies on uses the notion of a subject type, such as "person", "group", or "computer", etc.
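
The Composite Group, Subgroup, and Direct/Indirect Membership definitions above can be made concrete with a small model. This is an added example, not Grouper code: the class, function names, and sample groups are hypothetical, and only non-group entities are reported as members.

```python
# Toy model for illustration; names are hypothetical, not Grouper's API.
OPS = {
    "union": lambda x, y: x | y,
    "intersection": lambda x, y: x & y,
    "complement": lambda x, y: x - y,   # relative complement: X AND NOT Y
}

class Group:
    def __init__(self, name, members=(), composite=None):
        self.name = name
        self.members = list(members)  # members list: entity IDs (str) or subgroups (Group)
        self.composite = composite    # None, or (op, factor_x, factor_y)

def direct(group):
    """Non-group entities listed in the group's own members list."""
    return {m for m in group.members if not isinstance(m, Group)}

def indirect(group, _seen=frozenset()):
    """Entities reached through subgroups or through a composite's factor groups."""
    seen = _seen | {group.name}
    if group.composite:
        op, x, y = group.composite
        return OPS[op](effective(x, seen), effective(y, seen))
    reached = set()
    for m in group.members:
        if isinstance(m, Group):
            reached |= effective(m, seen)
    return reached

def effective(group, _seen=frozenset()):
    """Direct plus indirect members; a group already on the path adds nothing (cycle guard)."""
    if group.name in _seen:
        return set()
    return direct(group) | indirect(group, _seen)

# Constructed sample data
staff = Group("staff", ["alice", "bob"])
contractors = Group("contractors", ["carol"])
all_workers = Group("all_workers", [staff, contractors, "dave"])
suspended = Group("suspended", ["bob"])
vpn_users = Group("vpn_users", composite=("complement", all_workers, suspended))

if __name__ == "__main__":
    for g in (all_workers, vpn_users):
        print(g.name, sorted(direct(g)), sorted(indirect(g)), sorted(effective(g)))
```

In an access review, the indirect set is the part that a look at the group's own members list does not show.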

Examples

Step 1: Create a Root Folder

In the example below, a root Folder is first created. Note: creating a folder is required prior to the creation of any groups.

Folder uofc

| attribute | value |
|---|---|
| folder | empty |
| ID | uofc |
| name | The University Of Chicago |
| ID path | uofc |
| path | The University Of Chicago |

Step 2: Create a Group

Next, a group may be created using the "uofc" naming stem.

Group uofc:exec_council

| attribute | value |
|---|---|
| folder | uofc |
| ID | exec_council |
| name | Executive Council |
| ID path | uofc:exec_council |
| path | The University Of Chicago:Executive Council |

Step 3: Create a Subordinate Folder and Group

Folder ID and Path values propagate down through subordinate folders, e.g., the Biological Sciences Division within U of C:

Folder uofc:bsd

| attribute | value |
|---|---|
| folder | uofc |
| ID | bsd |
| name | Biological Sciences Division |
| ID path | uofc:bsd |
| path | The University Of Chicago:Biological Sciences Division |

Again, a group is created, e.g., the Enterprise Information Systems staff, with the above folder, and is displayed as follows:

Group uofc:bsd:eis_staff

| attribute | value |
|---|---|
| folder | uofc:bsd |
| ID | eis_staff |
| name | Enterprise Information Systems staff |
| ID path | uofc:bsd:eis_staff |
| path | The University Of Chicago:Biological Sciences Division:Enterprise Information Systems staff |
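
Steps 1 to 3 can be replayed in a small model that derives ID Path and Path from the hierarchy and enforces the Creation Privileges on each folder. This is an added example, not Grouper code: all class and function names, the actor "registrar", and the rule that an ID may not contain ":" are assumptions, and privileges are granted per folder here.

```python
# Toy model for illustration; names are hypothetical, not Grouper's API.
class Node:
    """A folder or group. ID and name are relative to the parent folder."""
    def __init__(self, id_, name, folder=None):
        self.id, self.name, self.folder = id_, name, folder

    def _join(self, attr):
        own = getattr(self, attr)
        return own if self.folder is None else self.folder._join(attr) + ":" + own

    @property
    def id_path(self):   # <folder>:<ID>, derived on read so it cannot drift
        return self._join("id")

    @property
    def path(self):      # <Path of parent folder>:<name>
        return self._join("name")

class Folder(Node):
    def __init__(self, id_, name, folder=None):
        super().__init__(id_, name, folder)
        self.children = {}                                     # ID -> Folder or Group
        self.create_group, self.create_folder = set(), set()   # privilege holders

class Group(Node):
    def __init__(self, id_, name, folder, creator):
        super().__init__(id_, name, folder)
        self.admins = {creator}   # the creating entity gets ADMIN by default

def _attach(folder, node):
    if ":" in node.id or node.id in folder.children:   # ':' rule is an assumption
        raise ValueError(f"invalid or duplicate ID {node.id!r} in {folder.id_path}")
    folder.children[node.id] = node
    return node

def create_folder(actor, parent, id_, name):
    if actor not in parent.create_folder:
        raise PermissionError(f"{actor} lacks CREATE FOLDER on {parent.id_path}")
    return _attach(parent, Folder(id_, name, parent))

def create_group(actor, folder, id_, name):
    if actor not in folder.create_group:
        raise PermissionError(f"{actor} lacks CREATE GROUP on {folder.id_path}")
    return _attach(folder, Group(id_, name, folder, actor))

def build_uofc(actor="registrar"):   # constructed actor name
    root = Folder("uofc", "The University Of Chicago")
    root.create_folder.add(actor)
    root.create_group.add(actor)
    create_group(actor, root, "exec_council", "Executive Council")
    bsd = create_folder(actor, root, "bsd", "Biological Sciences Division")
    bsd.create_group.add(actor)
    return create_group(actor, bsd, "eis_staff", "Enterprise Information Systems staff")
```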


 
