Exploring Grouper

The quick start web application is a great way to explore Grouper and get some idea of how it works. You can perform all the core tasks that Grouper supports through the application. Some more recently added functionality is not supported in the application, but everything you need to get going is.

Open up a browser and type http://localhost:8080/grouper in the address bar. Assuming that you've got the database and Tomcat running properly, you will see this:

The welcome screen for the quick start contains some very useful information. I know it's tempting to log in straight away, but take some time to read this page. Alternatively you can read the rest of this section, which effectively reproduces the help presented in the quick start (plus some screen shots to help keep you oriented).

Terminology

First, it's important to become familiar with the terminology that is used in Grouper. The list below is not exhaustive, but it's enough to get started.

Group

A group represents a collection of 'items' or entities which are themselves considered to be members of the group.

Entity

An entity is an abstraction for any 'item' which may be a member of a group. An entity has a 'type', e.g. person or group. To specify that group B is a member of group A is to specify that all members of group B are also members of group A. In the future, other entity types may be available to define computers or applications.

Membership

A specific relationship between an entity and a group.

Folder (also known as stem)

A folder is a name space or container in which groups exist. Folders are hierarchical and may contain sub folders or groups. The top-most folder is called Root. Folders can be used to collect together related groups and provide a means of controlling access to groups. Some examples of folders are:

  • uob>faculties>artf:fren = University of Bristol> Faculties> Arts Faculty> Department of French
  • uob>personal>[GrouperWG:username] = University of Bristol> Personal groups> [GrouperWG:name]

In the quick start web application, groups and folders are distinguished by the addition of square brackets [] around group names.

Privileges

Grouper provides fine control over who can create folders and groups, who can change the membership of a group, and who can grant privileges for specific folders or groups to others. In fact, privileges are granted to entities. By granting a privilege to an entity which is a group, all members of that group are granted the privilege (for as long as they are a member of the group).

EveryEntity is a special internal entity. Any privilege granted to EveryEntity is, in effect, granted to all entities. GrouperSysAdmin is also a special internal entity which has implicit admin privileges for folders and groups. A SysAdmin group, if defined, conveys implicit GrouperSysAdmin privileges to its members. Members of this group, by default, act as themselves with privileges limited to those assigned to them. This UI allows SysAdmin group members to opt to Act as admin.

Creation privileges

  • Create Group: Entity may create groups in this folder
  • Create Folder: Entity may create subfolders in this folder

Group privileges

  • Member: Entity is a member of this group
  • Optin: Entity may elect to join this group
  • Optout: Entity may elect to leave this group
  • View: Entity may see that this group exists
  • Read: Entity may see the membership list for this group
  • Update: Entity may modify the membership of this group
  • Admin: Entity may modify the membership of this group, delete the group or assign privileges for the group
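
The way a privilege check resolves under these rules (nested group membership, EveryEntity, GrouperSysAdmin and the Act as admin opt-in) can be modelled in a few lines. This is an added illustration in Python, not Grouper's own code or API; the group names fren, fren_staff and sysadmins and the subjects alice and bob are constructed sample data, and treating implicit admin as passing every check is a simplifying assumption.

```python
# Illustrative model only, not Grouper's API. All names below are constructed
# sample data except EveryEntity, GrouperSysAdmin and the quick start user hata.
EVERY_ENTITY, SYS_ADMIN, SYSADMIN_GROUP = "EveryEntity", "GrouperSysAdmin", "sysadmins"

# group -> direct members; a member may itself be a group
MEMBERS = {
    "fren": {"hata", "fren_staff"},
    "fren_staff": {"alice"},
    "sysadmins": {"bob"},
}
# (group, privilege) -> entities the privilege was granted to
GRANTS = {
    ("fren", "View"): {EVERY_ENTITY},
    ("fren", "Read"): {"fren"},
    ("fren", "Update"): {"fren_staff"},
}

def effective_members(group, seen=None):
    """Direct members plus, for each member group, all of its members."""
    seen = set() if seen is None else seen
    if group in seen:                      # guard against membership cycles
        return set()
    seen.add(group)
    result = set()
    for member in MEMBERS.get(group, ()):
        result.add(member)
        if member in MEMBERS:
            result |= effective_members(member, seen)
    return result

def has_privilege(subject, group, privilege, act_as_admin=False):
    if subject == SYS_ADMIN:
        return True    # assumption: implicit admin modelled as passing every check
    if act_as_admin and subject in effective_members(SYSADMIN_GROUP):
        return True    # SysAdmin group member who opted to "Act as admin"
    for grantee in GRANTS.get((group, privilege), ()):
        if grantee in (EVERY_ENTITY, subject):
            return True
        if grantee in MEMBERS and subject in effective_members(grantee):
            return True
    return False

def open_to_everyone():
    """Audit helper: grants that reach every entity through EveryEntity."""
    return sorted(key for key, grantees in GRANTS.items() if EVERY_ENTITY in grantees)

if __name__ == "__main__":
    print(has_privilege("alice", "fren", "Read"))    # via fren_staff nested in fren
    print(open_to_everyone())
```

The open_to_everyone helper lists the grants worth reviewing first, since anything granted to EveryEntity reaches all entities regardless of group membership.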

To do anything in the web interface you need to log in. First, click the "Log in" link on the right-hand side of the page and log in as GrouperSystem, which is a superuser with permissions to do anything (the password is 123).

You will see this page:

Now, the web interface caters for regular users as well as admin users, with different menu options available for both. To demonstrate this we'll log in next as a regular user. Click the "log out" link on the right of the blue header bar.

At first glance this looks a little worrying, but it is simply because the quick start uses basic authentication, and the browser keeps the credentials cached and resends them with each request, so the application cannot clear them on logout (we'll cover the use of alternative authentication methods later). Close your browser, open it again and visit http://localhost:8080/grouper once again. This time log in as hata (password 123).

You will see a page with different menu options, suitable for a regular user.

Admin and "lite" pages

The pages with which you interact in Grouper fall into 2 categories:

  1. Administrative pages - the majority of pages fall into this category. They give you access to all (or almost all) of the fields that can be set in various tasks. This can mean that the pages are filled with information, some of which may be confusing. These pages are often referred to as the "admin" user interface.
  2. "Lite" pages. Scattered through the admin UI are links to equivalent pages in the "lite" UI. These are simplified versions of the admin pages which share the same function. They also require less clicking as they use AJAX (asynchronous JavaScript and XML) to perform searches. The "lite" interface pages are targeted at the end user.

As we explore common Grouper tasks in the UI we'll be logged in as GrouperSystem.