Using Grouper as a Service Owner

Grouper is a powerful and flexible access management system designed to facilitate the efficient management and provisioning of access rights within our community. Grouper enables service owners and administrators to define and manage groups, assign permissions, and control access to resources in a centralized manner.

Grouper Basics

This section is meant to be a quick review of Grouper's basic actions to help you manage your service's associated Grouper groups. For a more in-depth review of the actions available to you in Grouper, see the Grouper Advanced section.

How to log in to Grouper

Grouper uses SSO to authenticate. You may be asked to enter your NetID and password.
grouper-ui.dartmouth.edu

Finding your group

Search

The search bar in the top right corner will try to match your search string as closely as possible. The results will contain folders, groups, and users. 

Browse Folders

The Browse Folders section on the left will let you navigate the Grouper folder structure. You will only be able to find groups and folders using this method.

Add a group to your favorites

There is a My Favorites section on the Grouper homepage and Quick Links that you can curate with groups, folders, and users. When you open the object you would like to favorite, open the actions menu in the top right and select Add to my Favorites.

App folder structure

  • Service (folder)
    • policy (folder)
      • auto (group)
      • Service allow (group)
      • Service allow_auto (group)
      • Service allow_manual (group)
      • Service deny_auto (group)
      • Service deny_manual (group)
    • security (folder)
      • Service admin (group)
    • Service Users (group)

Policy groups are created to give more flexibility to allow or deny access to your service. All manual changes to a service's access are managed through the allow_manual and deny_manual groups. The auto groups cannot be updated manually. When you work with the team to set up this folder structure, you will be consulted on the logic used to load the auto groups.

Security groups show who has access to view and manage memberships in your group. 

The Service Users group is the primary group that manages provisioning for your service. The members of this group are automatically managed by the policy groups.

Check a group's membership

When you open a group, the membership is displayed in a table below the group details. By default, all memberships of the group are displayed, which includes groups, users, users who are members of the subgroups, and groups who are members of subgroups.

  • Direct membership: groups and users who were added directly to the group.
  • Indirect membership: users or groups who are members of a group that has direct membership.

To find out whether a user is a member of your group, you can use any of the following methods.

  • Filter membership types in the group
  • Search for the user by name in the group's membership table.
  • Search for the user by name or NetID in the Grouper wide search and review their group memberships. 

Adding and removing users from a group

There is more than one way to add or remove a user from a group in Grouper. We recommend managing the membership from the group, since this method is less prone to error. The Grouper Advanced section below goes into more detail about other methods.

Add

  • Select the + Add Members button at the top right of your group's page.
  • Enter the full or partial name or NetID of the user you would like to add to the group. 
  • Select the correct user from the dropdown results. 
  • Additional options:
    • Assign these privileges - Default privileges is selected by default; leave this setting as is.
    • Start and End Date - If you would like to specify the start and end date of the membership, follow the date time formatting (in UTC).
  • Select Add

Remove

  • In the group page, find the member you want to remove from your group. 
  • Select the check box to the left of the user you want to remove.
  • Select Remove Selected Members.

 

Grouper Advanced

This section is designed to go further in depth with various Grouper topics and actions you can take advantage of as a service manager. 

Navigating Grouper

Homepage

  • Search - Results contain any group or member that partially matches your search. Once you have performed your initial search, you can filter for specific object types.
  • Help - Located next to Logout. Quick reference of Grouper terminology and how to perform basic actions.
  • My favorites - Groups you mark as favorites will appear here.
  • Groups I manage - Groups that you have access to manage will automatically appear here. 

 

Sidebar navigation

  • + Create new group - We ask that you do not use this during this phase. 
  • Quick Links
    • My groups - Complete list of groups that you have access to manage.
    • My folders - Complete list of Folders where you have access to manage.  
    • My favorites - List of groups you mark as favorites will appear here.
    • My activity - Shows your recent activity in Grouper (can specify a date range).
  • Browse folders - Shows the full folder structure of Grouper.

 

Group page

  • Top bar - Shows the path to access the group. 
  • + Add Members - Opens a dialog that allows you to directly add members to the group.
  • Group Actions - Lists all available actions your account can take on the group. See the Adding users to manually managed groups section for more details.
  • Show details - Expandable section that shows a list of additional group attributes like ID, first name, last name, etc. 
  • Members - This tab shows a full list of members, their membership, and actions you can take on each individual user. 
  • More - This tab lets you see whether this group is a member of another group, its privileges in other groups, etc.

 

User page

  • Top bar - Will usually appear as Home > User's Name.
  • + Add to a group - Opens a dialog that allows you to directly add this member to another group.
  • Entity Actions - Lists all available actions your account can take on the user. See the Adding users to manually managed groups section for more details.
  • Show details - Expandable section that shows a list of additional user attributes like ID, creation date, last editor, etc. 
  • Memberships - This tab shows a full list of the user's group memberships, including the folder, group name, membership, and available actions.

User search in Grouper

You can search for users in Grouper by using the single search bar in the top right corner of any page. Enter your search text and press enter or click on the magnifying glass. Your results appear on a new page. 

From the search bar, you can search for users and groups using the following criteria. 

  • User's name (Full or Partial)
  • NetID
  • Group name
  • Group Path (e.g. basis:oim:Adobe Computer Store Users)
  • Group ID

Adding users to manually managed groups

A user can be added to a group in two ways. If you are managing a service, it is generally best practice to manage memberships from your group. 

  • The Group's page
  • The User's page

Adding a member via the group page

  1. Search for or navigate to the group.
  2. Click on the + Add members button. 
  3. In the Member name or ID dialog, enter the name or NetID of the user and select it from the drop down menu and select Add. 
    Note: If you add by NetID (or exact name of user in Grouper), you don't need to select the user from the drop down before you press Add

 

Adding a member to a group from their user page

  1. Search for or navigate to the user.
  2. Click on the + Add to a group button. 
  3. In the Group name dialog, enter the name of the group and select it from the drop down menu and select Add. 
    Note: You will only be able to add a user to a group where you have the proper permissions.

 

Bulk operations

Bulk operations can be initiated from the group or user + Add dialog by selecting Import a list of members.

There are 3 options to import users from this page. 

  • Search for members - This is the same as adding from the Group page. You make a list of users and submit when you are complete. 
  • Copy/paste a list of member IDs
  • Import a file

 

Copy/paste a list of member IDs

  1. Select Copy/paste a list of member IDs
  2. Enter a list of NetIDs (using a comma, space, or new line delimiter). E.g. f000123, f000124
  3. Validate your list to see the list of members.
    • Grouper can validate around 25 users. If you paste in more users, you will want to submit without validating.
  4. Click on Submit to add them as members to the group. You'll be presented with a results/failure page. 

 

Import a file

This option is very similar to the Copy/paste list method but is much more prone to error. You must follow the directions exactly to get it to work. 

  1. Click Import a file.
  2. On your computer, create a .txt file. Enter entityIdOrIdentifier at the top of the document. Then add each member's NetID on separate lines below. 
    • entityIdOrIdentifier
      f000123
      f000124
      
  3. Click Choose File back in Grouper. Select your text file you created on your computer. 
  4. Click Submit. You'll be presented with a results/failure page. 
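A pre-check for the two bulk methods above (copy/paste list and import file), added here as an example and not part of Grouper or the original article: it splits a pasted list on the accepted delimiters, sets aside tokens that do not look like NetIDs, and produces the import file body with the required header. The NetID pattern and the case-insensitive comparison are assumptions based on the sample IDs shown, and the function names are hypothetical.

```python
import re

# Assumption: NetIDs look like the page's examples (f000123): one letter
# followed by six letters or digits, compared case-insensitively.
NETID_RE = re.compile(r"^[a-z][a-z0-9]{6}$")
HEADER = "entityIdOrIdentifier"   # required first line, per the steps above
VALIDATE_LIMIT = 25               # UI validation handles roughly this many


def parse_netids(raw):
    """Split on comma, space or newline; return (valid, rejected).

    valid keeps first-seen order with duplicates dropped; rejected holds
    tokens that do not look like a NetID so a person can review them.
    """
    valid, rejected, seen = [], [], set()
    for token in re.split(r"[,\s]+", raw.strip()):
        if not token:
            continue
        netid = token.lower()
        if netid == HEADER.lower():
            continue  # header pasted along with the IDs
        if not NETID_RE.match(netid):
            rejected.append(token)
        elif netid not in seen:
            seen.add(netid)
            valid.append(netid)
    return valid, rejected


def build_import_file(netids):
    """Return the .txt body: header line, then one NetID per line."""
    return "\n".join([HEADER, *netids]) + "\n"


def can_validate_in_ui(netids):
    """True when the list is small enough for the Validate step."""
    return len(netids) <= VALIDATE_LIMIT


if __name__ == "__main__":
    # Constructed sample input: mixed delimiters, a duplicate, a full name
    # pasted by mistake, and an ID with a typo.
    pasted = "f000123, f000124 F000123\nJane Doe\nf00012"
    ok, bad = parse_netids(pasted)
    print(build_import_file(ok), end="")
    print("needs review:", bad)
    print("validate in UI:", can_validate_in_ui(ok))
```

Resolve anything in the rejected list by hand before submitting, since a bulk add grants access to every ID that Grouper accepts.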

Removing users from manually managed groups 

Removing a member via the group page

  1. Search for or navigate to the group.
  2. In the Members tab, scroll to find the name (not NetID) of the user you want to remove or search by name in the Filter for section.
  3. There are two ways to remove members:
    1. Multiple - Check the box next to the member you want to delete and click on Remove selected members.
    2. Single - Select the Actions drop down next to the user's name. Click on Revoke membership.

 

Removing a member of a group from their user page

  1. Search for or navigate to the user.
  2. In the Membership tab, scroll to find the name of the group you want to remove or search by group name in the Filter for section.
  3. There are two ways to remove the group:
    1. Multiple - Check the box next to the group you want to remove and click on Remove selected groups.
    2. Single - Select the Actions drop down next to the group's name. Click on Revoke membership.

Bulk operations

Follow the same instructions from the Add users section but select the option to Remove members? before you click on submit. 

Additional actions

Group actions

  • Add to my favorites - Adds to your Favorites on your homepage or the My Favorites section in the quick links. 
  • Join Group - Your account will become a member of the current group.
  • Visualization - This option provides an SVG (graphic) that displays some group logic and a tree of the memberships within your group.
  • Export members - Exports a CSV of all the members in your group.
  • Import members - Same as the Bulk operations sections.
  • Types - References the group type.
  • Remove all members - Deletes all members of the group. Please use this with caution. 

Details

Article ID: 152690
Created
Fri 6/30/23 11:53 AM
Modified
Fri 6/30/23 11:53 AM