Access Keys:
Skip to content (Access Key - 0)

Grid Grouper

Groups

Grid Grouper: Administrators Guide | Developers Guide | caGrid: Documentation Guides

Overview

In Grouper/Grid Grouper groups are organized into namespaces or stems. Stems are organized in a tree hierarchy starting with the root stem, each stem can have a set of child stems and set of child groups with exception to the root stem which cannot have any child groups. Groups are composed of a set of attributes describing the group, a set of members in the groups, and a set of privileges assigned to users for protecting access to the group. In the table below we describe the list of attributes used for identifying a group:

Property
Description
Group Id
Unique identifier assigned to the Group by Grid Grouper.
Display Extension
Display name of the group.
System Extension System name of the group.
Display Name Full display name of the group within the context of the grouper tree hierarchy.
System Name Full System name of the group within the context of the grouper tree hierarchy.
Description Description of the group.

Groups in grid grouper support three types of memberships: (1) Directly adding a member (2) Adding a subgroup to a group (3) Making a group a composite of other groups. Directly adding a user as a member to a groups is straight forward, these members are referred to as Immediate Members. Adding a subgroup to a group makes all the members of the subgroup members of the group in which the subgroup was added. Members in a group whose membership is granted by membership in a sub group are referred to as Effective Members. A group can also be set to be a Composite group. A composite group consists of a set operation (Union, Intersection, Complement) on two other groups. For example a composite group consisting of the Intersection of Group X and Group Y would contain all the members that are both member of Group X and Group Y. Members whose membership is granted through a composite group are referred to as Composite Members.

To protect access to groups, Grid Grouper provides as set a privileges on each group which can be assigned to individual parties.  The privileges dictate how a party may interact with a group, the table below provides the complete list of group privileges provided by Grid Grouper:

Attribute Description
View
Parties with this privilege may see that the group exists.
Read
Parties with this privilege may see the members of the group and basic information identifying the group.
Update
Parties with this privilege may manage the membership of this group as well as grant View, Read, and Update privileges.
Admin
Parties with this privilege may administrate all aspects of the group.
Optin
Parties with this privilege may add themselves to the group.
Opout
Parties with this privilege may remove themselves from the group.

Privileges are specified using a party's grid identity, thus Grid Grouper requires users to authenticate using their PKI credential in order for them to employ the privileges they were granted.  Parties that authenticate with Grid Grouper that don't have any privileges or parties that connect to Grid Grouper anonymously inherit the privleges assigned to the GrouperAll user.  By default the GrouperAll is granted Read and View privileges on each group.

Viewing Groups

The GAARDS UI provides a mechanism for administrating groups, to view a group with the GAARDS UI complete the following steps:

  1. Launch the GAARDS UI.
  2. Logon to the Grid using your user account.
  3. From the Group Management menu select Group Browser, this will open the Group Browser Window.
  4. Click the Add Grid Grouper button, this will bring the Add Grid Grouper Window.
  5. From the Grid Grouper drop down select the Grid Grouper you wish to communicate with.
  6. From the Credentials drop down select the credential you wish to use.
  7. Click the Add button, this will load the Grid Grouper you specified into the Group Browser window.
  8. In the Grid Grouper tree, select the group you want to administer and click the View button.

Group Details

On the right of the screen, a tab will open entitled with the group's name. This tab contains three sub tabs: (1) Details, (2) Privileges, and (3) Members.   The Details tab contains information that identitifies the group.   The Privileges tab allows users with Update or Admin privileges to manage the privileges for the group.   The Members tab allows users with Update or Admin privileges to manage the members of the group   In the remainder of this section we will discuss the Details tab, the Privileges and Memberstabs will be discussed later in this guide.

The Details tab contains attributes that identitfy the group, the table below lists and provides a description of each of the attributes:

Attribute
Description
Grid Grouper
The URL of the Grid Grouper in which the group is contained.
Group Id
Unique identifier assigned to the group by Grid Grouper.
Display Name
Full display name of the group within the context of the grouper tree hierarchy.
System Name
Full System name  of the group within the context of the grouper tree hierarchy.
Display Extension Display name of the group.
System Extension System name of the group.
Created
The date and time the group was created.
Created By
The identity of the user that created the group.
Last Modified
The date and time the group was last modified.
Last Modified By
The identity of the user that last modified the group.
Description
A description of the group.

Of the attributes listed in the above table, only the display extension and description may be updated. To update one of these attributes, make the desired modifications and click the Update button.

Managing Privileges

To protect access to groups, Grid Grouper provides a set of privileges on each group which can be assigned to individual parties.  These privileges dictate how a party may interact with a group, the table below provides the complete list of group privileges provided by Grid Grouper:

Attribute Description
View
Parties with this privilege may see that the group exists.
Read
Parties with this privilege may see the members of the group and basic information identifying the group.
Update
Parties with this privilege may manage the membership of this group as well as grant View, Read, and Update privileges.
Admin
Parties with this privilege may administrate all aspects of the group.
Optin
Parties with this privilege may add themselves to the group.
Opout
Parties with this privilege may remove themselves from the group.

The GAARDS UI provides a mechanism for granting and revoking the privileges on groups. To view all the existing privileges on a group, please complete the following steps:

  1. Launch the GAARDS UI.
  2. Logon to the Grid using your user account.
  3. From the Group Management menu select Group Browser, this will open the Group Browser Window.
  4. Click the Add Grid Grouper button, this will bring the Add Grid Grouper Window.
  5. From the Grid Grouper drop down select the Grid Grouper you wish to communicate with.
  6. From the Credentials drop down select the credential you wish to use.
  7. Click the Add button, this will load the Grid Grouper you specified into the Group Browser window.
  8. Select the group you want to administer and click the View button.
  9. Click the Privileges tab.
  10. Click the Search button.

This will list all the privileges granted on the group in the table below the Search button.  Privileges are organized in the table by user, users not listed in the table inherit the pivileges assigned to the GrouperAll user.  The GrouperAll user represents the default pivileges of the group.   When a group is created, the GrouperAll user has the View and Read pivileges.    To grant or revoke privileges to a user with existing privileges select the listing for that user in the table and click the View button.  If you wish to grant privileges to a user that has not been granted privileges (not listed in the table) click the Add button.  In either case the Group Privilege Window will launch.   If you are granting privileges to users without any existing privileges (clicked the Add button), you will need to specify the user's grid identity in the Identity text box.  Under the Identity text box are the privileges that can be granted or revoked on the group.  To grant a privilege select the check box for that privilege.  To revoke a privilege deselect the check box for that privilege.  Once you have made the changes you desire, click the Update Privilege(s) or the Add Privilege(s).  Once you have clicked the button the privileges your granted or revoked will immediately take effect.

Group Privileges

Group Privilege

Managing Members

Grid Grouper supports three types of group memberships:

  • Immediate Membership - Directly adding a member to a group.
  • Effective Membership - Adding an existing group to a group as a subgroup. Adding a subgroup to a group makes all the members of the subgroup members of the group in which the subgroup was added. Members in a group whose membership is granted by membership in a sub group are referred to as Effective Members.
  • Composite Membership - Membership is based on a set operation (Union, Intersection, or Complement) on two other groups. For example a composite group consisting of the Intersection of Group X and Group Y would contain all the members that are both members of Group X and Group Y. Members whose membership is granted through a composite group are referred to as Composite Members.

The GAARDS UI provides a means of listing, adding, and removing members from groups. To view the members of a given group complete the following steps:

  1. Launch the GAARDS UI.
  2. Logon to the Grid using your user account.
  3. From the Group Management menu select Group Browser, this will open the Group Browser Window.
  4. Click the Add Grid Grouper button, this will bring the Add Grid Grouper Window.
  5. From the Grid Grouper drop down select the Grid Grouper you wish to communicate with.
  6. From the Credentials drop down select the credential you wish to use.
  7. Click the Add button, this will load the Grid Grouper you specified into the Group Browser window.
  8. Select the group you want to administer and click the View button.
  9. Click the Members tab.
  10. Click the Search button.

After the search has completed, all the member of the group will be listed in the table below the search button.

You can limit your member search by type of membership, by selecting the type of membership from the drop down next to the search button.

Adding Members

To add a member to the group, click the Add button, this will launch the Add Member Window.  From the Member Type drop down select the membership type you wish to add.  To add an Immediate Member, select User, to add a Effective Member, select Group, and to add a Composite Member, select Composite.  Below the drop down you will be prompted for information dependent on the type of membership you selected.  If you selected User (Immediate Membership), enter the grid identity of the user in the Grid Identity text box.  If you are a Dorian administrator you may click the Find button to search for a user.   If you selected Group (Effective Membership), select the group you wish to add as a member from the Group drop down.  If you selected Composite (Composite Membership), select the composite type from the Composite Type drop down and select a group from the Left Group drop down and select a group from the Right Group drop down.  Once you have specified the information for the membership type you selected, click the Add button, the member will immediately be added to the group.

Removing Members

To remove a member from a group, select the member to remove from the members table and click the Remove button.

Group Members

Add Immediate Member

Add Effective Member

Add Composite Member
Last edited by
Stephen Langella (1185 days ago)
Adaptavist Theme Builder Powered by Atlassian Confluence