{"id":65,"date":"2016-02-19T11:29:33","date_gmt":"2016-02-19T11:29:33","guid":{"rendered":"https:\/\/blogs.ncl.ac.uk\/integration\/?p=65"},"modified":"2016-02-22T14:52:33","modified_gmt":"2016-02-22T14:52:33","slug":"principles-tips-and-good-practice-for-grouper-administrators-at-newcastle-university","status":"publish","type":"post","link":"https:\/\/blogs.ncl.ac.uk\/integration\/2016\/02\/19\/principles-tips-and-good-practice-for-grouper-administrators-at-newcastle-university\/","title":{"rendered":"Principles, tips and good practice for Grouper administrators at Newcastle University"},"content":{"rendered":"<p>As I&#8217;ve watched the uptake of Grouper grow within the computing officer community over the last year (<a href=\"https:\/\/blogs.ncl.ac.uk\/integration\/2016\/01\/29\/grouper-huh-yeah-what-is-it-good-for\/\">with many new and interesting use cases<\/a>), I&#8217;ve seen many people face the same problems and struggle with the same dilemmas. The more I&#8217;ve helped people tackle these challenges, the clearer the solutions have become in my mind and the more I&#8217;ve realised I should try to document some of it. So, here it is, my list of principles, tips and good practices for Grouper administrators &#8230;<\/p>\n<ol>\n<li><a href=\"https:\/\/blogs.ncl.ac.uk\/integration\/2016\/02\/19\/user-groups-for-admin-privileges\/\">Use a &#8216;User Group&#8217; to determine who has admin privileges<\/a> on all of your groups and folders.<\/li>\n<li>Whenever possible, <a href=\"https:\/\/blogs.ncl.ac.uk\/integration\/2016\/02\/19\/use-corporate-data-groups-to-control-memberships\/\">use &#8216;Corporate Data&#8217; groups to control memberships<\/a> of your groups.<\/li>\n<li>Where adequate source data doesn&#8217;t exist to define a &#8216;Corporate Data&#8217; group, <a href=\"https:\/\/blogs.ncl.ac.uk\/integration\/2016\/02\/19\/create-a-user-group-if-youre-likely-to-reuse-the-same-set-of-members\/\">create a &#8216;User Group&#8217; if you&#8217;re likely to use the same set of members in more than one place<\/a>.<\/li>\n<li><a href=\"https:\/\/blogs.ncl.ac.uk\/integration\/2016\/02\/19\/only-create-applications-groups-if-you-need-them\/\">Only create &#8216;Applications&#8217; groups if you need them<\/a> to be provisioned to AD or available as Shibboleth attributes.<\/li>\n<li><a href=\"https:\/\/blogs.ncl.ac.uk\/integration\/2016\/02\/19\/adhere-to-the-naming-convention-for-applications-groups\/\">Adhere to the naming convention for &#8216;Applications&#8217; groups<\/a>.<\/li>\n<li><a href=\"https:\/\/blogs.ncl.ac.uk\/integration\/2016\/02\/19\/make-applications-groups-specific\/\">Make &#8216;Applications&#8217; groups specific<\/a> to a service or purpose.<\/li>\n<li>If you are delegating control of a group&#8217;s membership, <a href=\"https:\/\/blogs.ncl.ac.uk\/integration\/2016\/02\/19\/give-out-the-update-privilege-not-the-admin-privilege\/\">give out the &#8216;update&#8217; privilege, not the &#8216;admin&#8217; privilege<\/a>.<\/li>\n<\/ol>\n<p>I realise it&#8217;d be useful to supplement this post with a higher-level overview of how Grouper works and what I mean by &#8216;Corporate Data&#8217;, &#8216;User Groups&#8217; and &#8216;Applications&#8217; groups. We&#8217;ll endeavour to get that written soon.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As I&#8217;ve watched the uptake of Grouper grow within the computing officer community over the last year (with many new and interesting use cases), I&#8217;ve seen many people face the same problems and struggle with the same dilemmas. The more &hellip; <a href=\"https:\/\/blogs.ncl.ac.uk\/integration\/2016\/02\/19\/principles-tips-and-good-practice-for-grouper-administrators-at-newcastle-university\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1062,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[13,12,4],"class_list":["post-65","post","type-post","status-publish","format-standard","hentry","category-group-management","tag-admin","tag-principles","tag-tips"],"_links":{"self":[{"href":"https:\/\/blogs.ncl.ac.uk\/integration\/wp-json\/wp\/v2\/posts\/65","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.ncl.ac.uk\/integration\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.ncl.ac.uk\/integration\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/integration\/wp-json\/wp\/v2\/users\/1062"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/integration\/wp-json\/wp\/v2\/comments?post=65"}],"version-history":[{"count":23,"href":"https:\/\/blogs.ncl.ac.uk\/integration\/wp-json\/wp\/v2\/posts\/65\/revisions"}],"predecessor-version":[{"id":122,"href":"https:\/\/blogs.ncl.ac.uk\/integration\/wp-json\/wp\/v2\/posts\/65\/revisions\/122"}],"wp:attachment":[{"href":"https:\/\/blogs.ncl.ac.uk\/integration\/wp-json\/wp\/v2\/media?parent=65"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/integration\/wp-json\/wp\/v2\/categories?post=65"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/integration\/wp-json\/wp\/v2\/tags?post=65"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}