The group structure contains:
- everyone
- guest
- All Users (authenticated users)
- People file groups (Root of PAGS groups)
- Students (Student Status = Y)
- Faculty (Role in 'FAC%','VF','FEL','PDA','PDF')
- Staff (Role in 'MP', 'CT', 'CAS', 'SM')
- Graduate Students (Role = GRAD_STUDENT)
- Undergraduates (Role = UNDERGRADUATE)
- Seeded portal groups as is
- (as of 2.4.2) SmartLDAP Root
Person Attribute Groups
YaleInfo uses PAGS groups based on attributes retrieved from a view of the people file. The people file view is "materialized" in the portal database, so there is no longer any dependency on the other databases at Yale.
Planned use of AD groups in YaleInfo 2.4.2
Using the SmartLdapGroup implementation, YaleInfo will include selected groups from the Yale Active Directory. The person directory service will be configured to retrieve from the AD all groups that the user is a member of. Portlets and other resources (such as fragments) can then be restricted or pushed based on the user's membership in an AD group.
Example:
- In the AD, we create an OU for "portal groups" and add a group which will be used by the portal. Into that group we place other groups that are already maintained to govern access to the application.
- The SmartLdapGroup service retrieves all the groups in the "portal groups" OU, and they become portal groups under the SmartLDAP Root.
- When a user logs in, the Person Directory service must discover all groups the person is a member of plus all containing groups. Currently it returns only groups that are at the leaf level, so a modification to Person Directory to gather containing group information is under construction.
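The containing-group lookup described in the last step, as an added example (not YaleInfo or uPortal code): it expands a user's direct groups to every containing group, tolerates nesting loops, and keeps only groups in the portal OU. All DNs, the in-memory directory map and the function names are constructed for illustration.

```python
from collections import deque

# Constructed sample data; every DN here is hypothetical. Each entry maps a DN
# to the groups it is a direct member of (the shape of AD's memberOf).
PORTAL_OU = "ou=portal groups,dc=example,dc=edu"
JDOE = "cn=jdoe,ou=people,dc=example,dc=edu"
HR_USERS = "cn=hr-app-users,ou=apps,dc=example,dc=edu"
ALL_APPS = "cn=all-apps,ou=apps,dc=example,dc=edu"
HR_PORTLET = "cn=hr portlet,ou=portal groups,dc=example,dc=edu"
MEMBER_OF = {
    JDOE: [HR_USERS],
    HR_USERS: [HR_PORTLET, ALL_APPS],
    ALL_APPS: [HR_USERS],  # constructed nesting loop to exercise cycle handling
    HR_PORTLET: [],
}


def normalize(dn):
    # Simplified DN comparison (assumption): case-insensitive exact string.
    return dn.strip().lower()


def direct_groups(dn, directory=MEMBER_OF):
    """Groups the entry is placed in directly: the leaf-level answer."""
    return {normalize(g) for g in directory.get(normalize(dn), [])}


def all_groups(dn, directory=MEMBER_OF, max_groups=1000):
    """Direct groups plus every containing group, found breadth-first."""
    seen, queue = set(), deque(direct_groups(dn, directory))
    while queue:
        group = queue.popleft()
        if group in seen:
            continue  # already expanded; this is what breaks nesting loops
        seen.add(group)
        if len(seen) > max_groups:
            raise RuntimeError("group expansion limit exceeded")
        queue.extend(direct_groups(group, directory) - seen)
    return seen


def portal_groups(groups, portal_ou=PORTAL_OU):
    """Keep only groups located in the portal OU."""
    suffix = "," + normalize(portal_ou)
    return {g for g in groups if g.endswith(suffix)}


def may_access(dn, required_group, directory=MEMBER_OF):
    """Deny by default: unknown users resolve to no groups."""
    return normalize(required_group) in portal_groups(all_groups(dn, directory))
```

With leaf-level lookup only, the sample user resolves to no portal group at all, so a portlet restricted to the portal group would be withheld from a user who is entitled to it through the nested application group.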