IAM in Service Catalog
The UW groups service is a central location in which groups can be created, managed, and then reused in other services and applications. Groups can be created from various sources of group information and used in a wide variety of integrated services and applications, as illustrated in Figure 1.
Common uses of groups in applications include email, collaboration, calendaring, access control, purchasing, sharing, voting, scheduling, federating, surveying, and polling.
Purpose / Usage
Communicating via email with a group
Communicating and sharing resources among a group
Scheduling events and/or sharing calendars with a group
Managing and reviewing access to resources based on a group
Providing software and other resources for purchase to an eligible group
Distributing resources to a group
Putting choices to a vote by a group
Asserting group membership to 3rd party applications via federation
Conducting surveys with a group
The UW groups service uses a structured namespace for group identifiers, known as UW Group IDs, permitting UW people and organizations to create and manage groups independently. Each group has a unique UW Group ID. Systems and applications using UW Groups typically refer to groups using UW Group IDs.
Any type of UW NetID may be used as a group member
An ID from some non-UW identity service provider, in user@domain format
Any DNS name, typically subject names in UW CA-issued X.509 certificates
UW Group ID
Other UW Group IDs can be members of groups.
The NetBIOS name of a computer joined to UWWI followed by a "$" character
The UW groups service provides controls to manage who can create, update, and delete group information. All groups have these controls:
Permits all operations on the group, including update, delete, create subgroup, manage members, and view members
Permits new subgroup creation; i.e. new UW Group IDs using this group's ID as the prefix
Permits adding and removing members of the group
Permits restricting who can view a group's membership, including no restrictions
Permits individuals to join a group membership on their own
Permits individuals to leave a group membership on their own
An organizational home group has an initial set of users with Admin control, as requested by the organization. You have Admin access to your personal home group when it is created. These controls can be modified at any time so you can control access as needed.
The creator of a group is automatically added as an Admin of the group. In those cases where this isn't desirable, return to the Edit page after group creation and remove the entry. Make sure that at least one other person or group is listed as an administrator.
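The control rules above, modeled as an added example; this is not code from the UW groups service. The control names other than Admin, the "_" delimiter, and the sample IDs are assumptions made for illustration, and a group listed as an Admin is treated as an opaque ID without expanding its members.

```python
from dataclasses import dataclass, field

SEP = "_"  # assumed namespace delimiter; the page only says "prefix"
# Hypothetical control names; the page itself names only "Admin".
ADMIN, SUBGROUP_CREATOR, MEMBER_MANAGER = "admin", "subgroup_creator", "member_manager"

@dataclass
class Group:
    group_id: str
    creator: str
    controls: dict = field(default_factory=dict)  # control name -> set of IDs

    def __post_init__(self):
        # The creator of a group is automatically added as an Admin.
        self.controls.setdefault(ADMIN, set()).add(self.creator)

    def holds(self, actor, control):
        # Admin permits all operations, so it implies every other control.
        admins = self.controls.get(ADMIN, set())
        return actor in admins or actor in self.controls.get(control, set())

    def _require_admin(self, actor):
        if not self.holds(actor, ADMIN):
            raise PermissionError(f"{actor} is not an Admin of {self.group_id}")

    def grant(self, actor, control, target):
        self._require_admin(actor)
        self.controls.setdefault(control, set()).add(target)

    def remove_admin(self, actor, target):
        self._require_admin(actor)
        admins = self.controls[ADMIN]
        # Keep at least one administrator so the group stays manageable.
        if admins == {target}:
            raise ValueError("refusing to remove the last Admin")
        admins.discard(target)

    def create_subgroup(self, actor, new_id):
        if not self.holds(actor, SUBGROUP_CREATOR):
            raise PermissionError(f"{actor} may not create subgroups")
        # Match prefix plus delimiter, so "u_fox" does not cover "u_foxtrot".
        prefix = self.group_id + SEP
        if not (new_id.startswith(prefix) and len(new_id) > len(prefix)):
            raise ValueError(f"{new_id} is not under {self.group_id}")
        return Group(new_id, creator=actor)
```

Removing the creator succeeds only after another person or group has been granted Admin, which is the order the paragraph above recommends.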