Help & Support

Start working with access groups by clicking "Teams" in the main menu and then selecting the team for whom you wish to build a group. Finally, click the "Groups" option in the menu directly below the team name. This screen is the primary starting point, which will allow you to create and manage your groups. It allows you to create a new group, lists the team's existing groups, and allows you to delete a group.

To create a group, select the "Create Group" button. When choosing a group name, try to be descriptive yet concise. Include related team or application names if possible. As an example, for a group of MAUI developers, you might choose maui-developers. Or if HR has a sub-team for compliance efforts, they might choose hr-compliance-admins. Group names must be unique within your team. To prevent collisions with other ActiveDirectory groups on campus, Campus Data will qualify the official group name such that it is unique while setting the group's display name to the value you specify. As a result, Campus Data users will see the MAUI group above as maui-developers however the official AD name will be of the form data-3423423-maui-developers where the number is associated with the Campus Data team.

The core of every access group is its list of members. The membership screen provides the list of the current members along with controls to add new members and delete existing members. To add a member, enter a person's hawkid in the input box and click "Add Member". You can look up a hawkid in the Campus Directory

The usage screen provides an overview of all the data items that use the group in either their security or access configuration. This will quickly show you how the group is being used and expose potential problems with item configuration. For example, if an item is configured to add new users to the group but the group is not used in the item's security, the usage screen will flag that as an error.

The history screen provides a log of when users are added to and removed from the group. The log specifies when the activity occurred and who triggered the action.

The Details screen provides low-level details about the Active Directory group. Most users typically won't need this information. However, one important feature is found on the Details screen, which is the ability to enable group e-mail. Activating this option will create an single e-mail address that can be used to communicate with all group members.

The process to create the e-mail address takes roughly 30 minutes to complete. Once submitted, the Details screen reflect the fact that the request was submitted. After the address is successfully created, the group details will include the e-mail address. If the address is not available after two hours, an error message will appear. If the process fails, please contact site administrators for further assistance.

Composite groups allow you to "merge" Campus Data Access Groups with Institutional Roles.

• Groups to Sync = Comma-separated list of Campus Data Access Groups to sync into the composite group
• Roles to Sync = Comma-separated list of Institutional Role KEY values to sync into the composite group (includes Members AND Administrative Delegates)
• Sync happens DAILY.
  • Someone added to an institutional role on Day X should be in the composite group by noon on Day X+1.
  • Likewise, someone REMOVED from an institutional role on Day X should be OUT of the composite group by noon on Day X+1.

IMPORTANT NOTE: These groups can NOT be used as the target for Access Request Workflow (see Item Access Approval below), because their membership comes exclusively from the synced groups/roles. This means people can NOT be added directly to the composite group. To enable Access Request Workflow on a data item permissioned with a composite group, make the target group one of the groups configured in the "Groups to Sync" box of the composite group.

To use a group to control access to a data item, you must specify the group in the item's security configuration. Navigate to your item and select "Security" from the Settings menu. Next select the option labelled by This data is available to team members and campus users according to the rules below. After choosing this option, you will be presented with the security rule builder. In the first select menu, choose the option labelled Member of team group. This will cause your access groups to be populated in the third menu. Choose the group that should grant access to the item and save your settings.

If you want users to be able to request access to your item, you should check the Discoverable option at the bottom of the Security screen. This will cause your item to be visible in search results even if the user does not have access. Users without access will be prompted to request it.

To automatically add approved users to your group, you must specify the group in the item's access approval configuration. Navigate to your item and select "Access Approval" from the Settings menu. There are two overarching options here. The first is to enable an access approval workflow. If this is selected, access requests will be created in the Universal Workflow system. Otherwise, the requests will be handled internally within Campus Data. Internal requests require approval from the data team. External requests can require either supervisor approval, data team approval, or both.

The second option, which is relevant to access groups, is the option to automatically process approved access requests. If this option is activated, you must specify the access groups to which approved users will be added. When a user successfully completes the approval process, Campus Data will be notified and that user will be added to the specified access group. The user will then be given access to the data item within 10 minutes.