The quick start web application is a great way to explore Grouper and get some idea of how it works. You can perform all the core tasks that Grouper supports through the application. Some functionality that has been added more recently is not supported in the application, but all you need to get you going is.
Open up a browser and type http://localhost:8080/grouper in the address bar. Assuming that you've got the database and tomcat running properly you will see this:
The welcome screen for the quick start contains some very useful information. I know it's tempting to log in straight away, but take some time to read this page. Alternatively you can read the rest of this section, which effectively reproduces the help presented in the quick start (plus some screen shots to help keep you oriented).
First, it's important to become familiar with the terminology that is used in Grouper. The list below is not exhaustive, but it's enough to get started.
Group | A group represents a collection of 'items' or entities which are themselves considered to be members of the group |
Entity | An entity is an abstraction for any 'item' which may be a member of a group. An entity has a 'type' e.g. person or group. To specify that group B is a member of group A is to specify that all members of group B are also members of group A. In the future, other entity types may be available to define computers or applications |
Membership | A specific relationship between an entity and a group |
Folder (also known as stem) | A folder is a name space or container in which groups exist. Folders are hierarchical and may contain sub folders or groups. The top-most folder is called Root. Folders can be used to collect together related groups and provide a means of controlling access to groups. Some examples of folders are:
|
Privileges | Grouper provides fine control over who can create folders and groups, who can change the membership of a group, and who can grant privileges for specific folders or groups to others. In fact, privileges are granted to entities. By granting a privilege to an entity which is a group, all members of that group are granted the privilege (for as long as they are a member of the group). EveryEntity is a special internal entity. Any privilege granted to EveryEntity is, in effect, granted to all entities. GrouperSysAdmin is also a special internal entity which has implicit admin privileges for folders and groups.A SysAdmin group, if defined, conveys implicit GrouperSysAdmin privileges to its members. Members of this group, by default, act as themselves with privileges limited to those assigned to them. This UI allows SysAdmin group members to opt to Act as admin. |
To do anything in the web interface you need to log in. First, click the "Log in" link on the right hand side of the page and log in as GrouperSystem, which is a superuser, with permissions to do anything (the password is 123).
You will see this page:
Now, the web interface caters for regular users as well as admin users, with different menu options available for both. To demonstrate this we'll log in next as a regular user. Click the "log out" link on the right of the blue header bar.
At first glance this looks a little worrying, but it is simply because the quick start used basic authentication which the browser keeps cached (we'll cover the use of alternative authentication methods later). Close you browser, open it again and visit http://localhost:8080/grouper once again. This time log in as hata (password 123).
You will see a page with different menu options, suitable for a regular user.
The pages with which you interact in Grouper are of fall into 2 categories:
As we explore common Grouper tasks in the UI we'll be logged in as GrouperSystem.