File share access management using Grouper
Grouper is a system for creating and maintaining groups in a central repository.
At Tufts, Grouper is being used to create and manage file share user and other permission groups. Initial setup of groups and designating administrators must be done through a service desk request.
Once a Grouper group is established, designated department staff members can view and update membership in folder permission groups without having to submit a Service Desk request. Grouper provides immediate visibility into, and control over, the granting and rescinding of an individual's file access permissions.
The objective is to put access control into the hands of personnel who know best who should or should not have access to certain folders and files. These individuals are also best positioned to know the type of file access that's required and to know when staff join, leave or transfer within an organizational unit.
Each Grouper permission group consists of a list containing one or more members. At Tufts, every Grouper permission group will have, in addition to its list of members, two or more individuals designated as Group Administrators or Admins. These Group Admins (effectively, a Group's data owners) are individuals authorized to view and update the group's membership. A Group's Admins are not required to be members of the affected Group, but all group members and Admins require Tufts credentials.
If you are a designated Grouper Admin, we recommend that you regularly check your groups membership lists, to ensure that folder access is assigned and maintained appropriately. At a minimum, check and update your Grouper Group each time someone joins or leaves your business unit.