The Grouper structure at Newcastle University has an implied data flow through the use of four distinct group types. Administrators are able to use Corporate Data Groups to build custom User Groups, a combination of which can then be used to build Application and Non-AD groups.

• Corporate Data
  These groups are populated from our corporate data source systems (principally SAP), and will automatically update membership as individual circumstances change.
  These groups are not editable.
• User Groups
  These groups are generally created by computing officers to manage groups which are not reflected in our corporate data, e.g. research groups. User groups may contain a combination of Corporate Data groups and directly assigned users.
  These groups are editable by delegated administrators.
• Application Groups
  All groups created in this branch will be automatically provisioned to the Active Directory. These groups are used to control access to applications and resources such as websites (via shibboleth) and filestores etc. Application groups may include a combination of Corporate Data groups, User Groups and directly assigned users.
  These groups are editable by delegated administrators.
• Non-AD Access Control
  These groups are identical to Application Groups other than that they are not provisioned to the Active Directory. Non-AD Access Control groups are used to control access to non-AD integrated applications such as Chubb.
  These groups are editable by delegated administrators.