Group (computing)

In computing, the term group generally refers to a grouping of users. In principle, users may belong to none, one, or many groups (although in practice some systems place limits on this). The primary purpose of user groups is to simplify access control to computer systems. Suppose a computer science department has a network which is shared by students and academics. The department has made a list of directories which the students are permitted to access and another list of directories which the staff are permitted to access. Without groups, administrators would give each student permission to every student directory, and each staff member permission to every staff directory. In practice, that would be unworkable: every time a student or staff member arrived, administrators would have to allocate permissions on every directory. With groups, the task is much simpler: create a student group and a staff group, placing each user in the proper group. The entire group can then be granted access to the appropriate directories. To add or remove an account, one need only do it in one place (in the definition of the group), rather than on every directory. This workflow provides a clear separation of concerns: to change access policies, alter the directory permissions; to change the individuals who fall under the policy, alter the group definitions.


Uses of groups

The primary uses of groups are:
* Access control
* Accounting - allocating shared resources like disk space and network bandwidth
* Default per-user configuration profiles - e.g., by default, every staff account could have a specific directory in their PATH
* Content selection - only display content relevant to group members - e.g. this portal channel is intended for students, this mailing list is for the chess club


Delegable group administration

Many systems provide facilities for delegation of group administration. In these systems, when a group is created, one or more users may be named as group administrators. These group administrators are then capable of adding and removing other users from the group, without relying on a system administrator. Some systems also provide joinable groups, which are groups to which users may elect to add themselves. Joinable groups are not intended to be used for access control, but rather for such purposes as electronic mailing lists.


Static vs. dynamic groups

Many systems (especially LDAP systems) offer the facility of dynamic groups. Traditionally groups are static: one defines a group by individually selecting its members. In dynamic groups, however, an administrator can specify search criteria. All users who match the search criteria are considered members of the dynamic group. For example, one might build an LDAP directory using source data from a student administration system. The student system could provide an attribute degreeCode, which might be a numeric code identifying the degree program in which the student is enrolled. Suppose then that degreeCode 55 is Bachelor of Computer Science. We could then define a group "BCS-Students" as "(degreeCode=55)". Having defined the group, we do not need to manually modify its membership; it will change automatically as updates flow through the system. One can construct even more complex definitions: "BCS-Students-1" could be "(&(degreeCode=55)(enrollmentYear=1))" (meaning: a user is a member of the 'BCS-Students-1' group if they are enrolled in the Bachelor of Computer Science degree program and they are in their first year, i.e., Computer Science freshmen).
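The two group definitions above can be resolved with a small filter evaluator. This is an added example, not part of the original article: it handles only the &, |, ! and equality forms of LDAP search filters, and the function names, DIRECTORY and the sample entries are constructed for illustration.

```python
# Added example: resolve dynamic groups by evaluating LDAP-style search filters.
# Assumption: values compare as exact strings (real directories apply matching rules).

def parse(f, i=0):
    """Parse the filter starting at f[i]; return (node, index after it)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|"):
        op, i, kids = f[i], i + 1, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    elif f[i:i + 1] == "!":
        kid, i = parse(f, i + 1)
        node = ("!", [kid])
    else:
        end = f.index(")", i)              # raises ValueError if unterminated
        attr, sep, value = f[i:end].partition("=")
        if not attr or not sep:
            raise ValueError(f"bad comparison at offset {i}")
        node, i = ("=", attr.lower(), value), end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry ({attribute: [values]})."""
    if node[0] == "=":
        attrs = {k.lower(): v for k, v in entry.items()}  # names are case-insensitive
        return node[2] in attrs.get(node[1], [])
    hits = [matches(kid, entry) for kid in node[1]]
    return {"&": all(hits), "|": any(hits), "!": not any(hits)}[node[0]]

def members(filter_text, directory):
    """Return the sorted ids of all entries that match the group's filter."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("unexpected text after filter")
    return sorted(uid for uid, entry in directory.items() if matches(node, entry))

DIRECTORY = {  # constructed sample entries
    "alice": {"degreeCode": ["55"], "enrollmentYear": ["1"]},
    "bob": {"degreeCode": ["55"], "enrollmentYear": ["3"]},
    "carol": {"degreeCode": ["12"], "enrollmentYear": ["1"]},
}
GROUPS = {"BCS-Students": "(degreeCode=55)",
          "BCS-Students-1": "(&(degreeCode=55)(enrollmentYear=1))"}
```

Because membership follows the attributes, whoever can write degreeCode or enrollmentYear on an entry can change who is in the group.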


Roles

Some systems (e.g. Sun/Netscape/iPlanet LDAP servers) distinguish between groups and roles. These concepts are mostly equivalent: the main difference is that with a group, its membership is stored as an attribute of the group; whereas with roles, the membership is stored within the users, as a list of roles they belong to. The difference is essentially one of performance trade-offs, in terms of which type of access will be faster: the process of enumerating the membership of a given collection (faster for groups), or the process of enumerating which collections this user belongs to (faster for roles).

