The group management service allows application developers and non-technical administrators to create and manage institutional and personal groups to be used for access control to University applications and resources.
The service is positioned to help complement the current access groups stored within the University’s Active Directory by making it possible to delegate access to resources based on institutional data. These groups can help reduce day to day administration of access control; for example, when a member of staff joins or leaves a department their access rights will be updated automatically.
It also reduces the need for numerous access lists for different resources and systems; one group can be set up and membership of that single group can control access to multiple resources.
The service also enables the provision of a more personalised service to users of systems. It can be used to control what users see so, for example, in an online timetable a student will only be shown information about modules that they are enrolled on.
These groups can be used to delegate access to resources, as they are automatically created/updated, it can help to reduce the administration involved in delegating access control. For example, as staff members leave/join a department this would automatically be reflected in group memberships.
University members of staff who are systems administrators or application developers for official University systems can use this service.
External developers are able to make use of the service in the development of official University systems; a Newcastle University member of staff must be the main contact for any request.
Consultation, advice and guidance: 09:00-17:00, Monday to Friday, excluding University closure periods.
The interface and use of the groups is available 24 hours a day, 7 days a week.
The “at risk” period is 07:00-09:00 every Tuesday. Further planned maintenance times will be publicised in advance if there will be a disruption to the service.
Access to the interface is restricted to University members via the login gateway.
Where integration of group data is not available through the login gateway or the Active Directory, alternative methods are available the Institutional Data Feed Service.
The database containing group information is backed up on a nightly basis; in the scenario of a database outage it will take up to a day to restore the database.
If the database is unavailable, access to resources which use a combination of the group service and the login gateway would be temporarily unavailable. In this scenario the login gateway will be configured to query a backup of group memberships which will be hosted on another database server. This would allow for access to be restored within an hour.
During any database outage no updates can be made to the group memberships.
Group naming convention: http://research.ncl.ac.uk/grand/docs/Grouper%20Service.pdf
Group management service use case documents:
Additional support is available via the IT Service Desk on 5999 or firstname.lastname@example.org.
All incidents relating to this service will be handled according to the Incident Management and Major Incident Management processes.
To start using the groups service:
Requests for any other aspect of the service should be made via the IT Service Desk on 5999 or email@example.com.
All requests relating to this service will be handled according to the IT Request Fulfilment process.
Application developers/systems administrators are responsible for
Application developers/systems administrators are required to adhere to the group naming convention.