Group (computing)

Group (computing)

In computing, the term group generally refers to a grouping of users. In principle, users may belong to none, one, or many groups (although in practice some systems place limits on this.) The primary purpose of user groups is to simplify access control to computer systems.

Suppose a computer science department has a network which is shared by students and academics. The department has made a list of directories which the students are permitted to access and another list of directories which the staff are permitted to access. Without groups, administrators would give each student permission to every student directory, and each staff member permission to every staff directory. In practice, that would be very unworkable – every time a student or staff member arrived, administrators would have to allocate permissions on every directory.

With groups, the task is much simpler: create a student group and a staff group, placing each user in the proper group. The entire group can be granted access to the appropriate directory. To add or remove an account, one must only need to do it in one place (in the definition of the group), rather than on every directory. This workflow provides clear separation of concerns: to change access policies, alter the directory permissions; to change the individuals which fall under the policy, alter the group definitions.

Uses of groups

The primary uses of groups are:
* Access control
* Accounting - allocating shared resources like disk space and network bandwidth
* Default per-user configuration profiles - e.g., by default, every staff account could have a specific directory in their PATH
* Content selection - only display content relevant to group members - e.g. this portal channel is intended for students, this mailing list is for the chess club

Delegable group administration

Many systems provide facilities for delegation of group administration. In these systems, when a group is created, one or more users may be named as group administrators. These group administrators are then capable of adding and removing other users from the group, without relying on a system administrator.

Some systems also provide joinable groups, which are groups to which users may elect to add themselves. Joinable groups are not intended to be used for access control, but rather for such purposes as electronic mailing lists.

Static vs. dynamic groups

Many systems (especially LDAP systems) offer the facility of dynamic groups. Traditionally groups are static: one defines a group by individually selecting its members. In dynamic groups, however, an administrator can specify search criteria. All users which match the search criteria will be considered a member of this dynamic group.

For example, one might build an LDAP directory using source data from a student administration system. The student system could provide an attribute "degreeCode", which might be a numeric code identifying the degree program in which the student is enrolled. Suppose then that degreeCode 55 is Bachelor of Computer Science. We could then define a group "BCS-Students" as "(degreeCode=55)"—having defined the group, we do not need to manually modify its membership—its membership will change automatically as updates flow through the system. One can construct even more complex definitions: "BCS-Students-1" could be "(&(degreeCode=55)(enrolmentYear=1))".

Roles

Some systems (e.g. Sun/Netscape/iPlanet LDAP servers) distinguish between groups and roles. These concepts are mostly equivalent: the main difference is that with a group, its membership is stored as an attribute of the group; whereas with roles, the membership is stored within the users, as a list of roles they belong to. The difference is essentially one of performance trade-offs, in terms of which type of access will be faster: the process of enumerating the membership of a given collection (faster for groups), or the process of enumerating which collections this user belongs to (faster for roles).

See also

* Group_(database)
* Group identifier (Unix)


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Group — can refer to: Sociology * Group action (sociology) * Group behaviour * Groups of people, a description of various different human groups ** Peer group ** Workgroup * Group dynamics * Group (sociology), a sub set of a culture or of a society *… …   Wikipedia

  • Group identifier (Unix) — In Unix like systems, multiple users can be categorized into groups . POSIX and conventional Unix file system permissions are organized into three classes, user , group , and others . The use of groups allows additional abilities to be delegated… …   Wikipedia

  • Group theory — is a mathematical discipline, the part of abstract algebra that studies the algebraic structures known as groups. The development of group theory sprang from three main sources: number theory, theory of algebraic equations, and geometry. The… …   Wikipedia

  • Group behaviour — Group behavior in sociology refers to the situations where people interact in large or small groups. The field of group dynamics deals with small groups that may reach consensus and act in a coordinated way. Groups of a large number of people in… …   Wikipedia

  • Computing-Tabulating-Recording — International Business Machines Corporation « IBM » redirige ici. Pour les autres significations, voir IBM (homonymie). Logo de Inte …   Wikipédia en Français

  • Computing Tabulating Recording Company — International Business Machines Corporation « IBM » redirige ici. Pour les autres significations, voir IBM (homonymie). Logo de Inte …   Wikipédia en Français

  • Computing — For the formal concept of computation, see computation. For the magazine, see Computing (magazine). For the scientific journal, see Computing (journal). A difference engine: computing the solution to a polynomial function …   Wikipedia

  • Computing Community Consortium — The Computing Community Consortium (CCC) is an organization whose goal is to catalyze and empower the U.S. computing research community to pursue audacious, high impact research. Established in 2006 through a cooperative agreement between the… …   Wikipedia

  • Group decision support system — An interactive computer based system that facilitates users finding (partial) solutions to semi structured problems. A GDSS uses a set of decision makers working together as a group.Technical developments in electronic communication, computing,… …   Wikipedia

  • Computing the permanent — In mathematics, the computation of the permanent of a matrix is a problem that is believed to be more complex than the computation of the determinant of a matrix despite the apparent similarity of the definitions. The permanent is defined… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”