CalGroups User Guide


How to Create a New Folder

  1. Navigate to the folder in which you want your new folder to reside

  2. Click the More actions button

  3. Select Create new folder

  4. Review the Create in this folder field: 

    1. Make sure the folder hierarchy indicates you are placing your new folder in the proper location

    2. You can also click the “search for a folder…” link to see other locations where you can create a folder

  5. Folder Name: Enter a name for your new folder

  6. Folder ID: Do not change

  7. Description: Enter a description that explains what the folder will hold

  8. Click the save button


How to Create a New Group

In the example below, a new group will be created to serve as an Admin Privilege group in later examples.

  1. Navigate to the folder in which you want to create a new group

  2. Click the More actions button

  3. Select Create new group

  4. Review the Create in this folder field: 

    1. Make sure the hierarchy indicates you are placing your new group in the proper location

    2. You can also click the “search for a folder…” link to see other locations where you can create a folder

  5. Group name: Use something descriptive (refer to Naming Conventions for more information)

  6. Group ID:  Leave as is (unless your use case requires it to be different)

  7. Description: Enter a description that explains what this group will be used for

  8. Click the save button

Tips for New Groups

  • Users are allowed to create groups only in folders they have access to.
  • A group name and ID are usually the same, so the Group ID is automatically populated with the group name.
  • Be sure to use meaningful group names!

Adding Members to Groups

Add a single member 

  1. From inside the group, click the Add members button

  2. Type the member's email address, UID or name in the search field

  3. Add the member by selecting a person from the grey drop-down menu that appears

  4. Click the add button

Alternative Method to Add Single Users

  1. Click the Add members button

  2. Click the link to “search for an entity”

    1. Type the member name or partial name in the search field

    2. Click the Search button

    3. Click on the person you want to add

  3. Click the add button

Searching Tips

  1. If you have trouble finding a member, click the link to "search for an entity." That search screen allows for more flexible and partial name searching.
  2. You can search by typing a partial name; just be sure to select the correct user from the drop-down menu

  3. You will receive a “the value entered is not valid” error if the name is not entered exactly into the search bar

  4. If you try to add a search term that cannot be found as a user, you will receive the following error: "> Error: Ldap NamingException: Request: 3 cancelled, Problem calling method addMemberSubmit on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Group"

Add another group to existing group

  1. Click the Add members button

  2. Click the link to “search for an entity”

    1. Type the group name or partial group name in the search field

    2. Click the Search button

    3. Select the group you want to add

  3. Click the add button

Add members to a group from a text file

In order to add members to a group from an external source, you need to have the member UIDs.

  1. Prepare the import file (Click here to see a sample import file)

    1. Open a text document

    2. Enter the term, “entityIdOrIdentifier” on the first line of the document

    3. Copy and paste member UIDs, one per line, below

    4. Save as .txt file (note: saving as rtf does not work)

  2. Next, navigate to the group you want to add members to

  3. Click the More actions button

  4. Select Import members

  5. Next to How to add Members?, select the Import a file radio button

  6. Press the Choose File button and select your prepared text file

  7. Scroll to the bottom of the page.

  8. You may opt to replace existing group members with the list you are importing by checking the box at the bottom

  9. Press the Add members button

  10. Review the Import results screen. Press the ok button to return to the group
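A pre-upload check for the import file described in step 1, as an added example (not part of CalGroups or the original guide). It assumes member UIDs are all digits; the function name and the sample data are constructed for illustration.

```python
import re

HEADER = "entityIdOrIdentifier"    # required first line of the import file
UID_RE = re.compile(r"[0-9]+")     # assumption: member UIDs are all digits


def check_import_file(data: bytes):
    """Return (uids, problems) for the raw bytes of a member import file."""
    if data.lstrip().startswith(b"{\\rtf"):
        return [], ["file is RTF, not plain text; save it as .txt"]
    try:
        text = data.decode("utf-8-sig")          # tolerate a byte-order mark
    except UnicodeDecodeError:
        return [], ["file is not UTF-8 plain text"]

    lines = text.splitlines()
    problems = []
    has_header = bool(lines) and lines[0].strip() == HEADER
    if not has_header:
        problems.append(f"line 1 must be {HEADER!r}")

    uids, seen = [], set()
    start = 1 if has_header else 0
    for number, raw in enumerate(lines[start:], start=start + 1):
        value = raw.strip()
        if not value:
            continue                              # ignore blank lines
        if not UID_RE.fullmatch(value):
            problems.append(f"line {number}: {value!r} is not a numeric UID")
        elif value in seen:
            problems.append(f"line {number}: duplicate UID {value}")
        else:
            seen.add(value)
            uids.append(value)
    return uids, problems


# Constructed sample: one account name and one repeated UID slipped in.
SAMPLE = b"entityIdOrIdentifier\n1000001\n1000002\nspa-100-class\n1000001\n"

if __name__ == "__main__":
    uids, problems = check_import_file(SAMPLE)
    print(f"{len(uids)} UIDs ready to import")
    for problem in problems:
        print("fix:", problem)
```

Run it on the file's bytes before step 6; an empty problem list means every line after the header is a distinct numeric UID.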

Copy/paste a list of UIDs

  1. Copy a list of UIDs

  2. Navigate to the group you want to add members to

  3. Click the More actions button

  4. Select Import Members
  5. Select Copy/paste a list of Member Ids

  6. Paste the UIDs into the box

  7. You can validate the entries by clicking the validation button

  8. Double check that the users you are adding are correct (see note, below)
  9. Press the Add members button

A note about adding by UID: pasting UIDs occasionally results in the wrong account being added. This happens when the UID matches the name of another account; for example, UID 100 may return spa-100-class instead. In that case, add the member individually and delete the unwanted member. You can also use the text file method, above.


How to View Group Members

  • Navigate to the group you want to review
  • Click the group name
  • Members are listed under the Members tab
  • Direct members are people who were added directly to the group
  • Indirect members are members of groups that were added to the group

How to Make an Access Group

Why make an access group?

CalNet highly recommends that you take advantage of CalGroups' automated de-provisioning features by creating access groups. An access group is a composite group whose membership is determined by the intersection of an ad hoc group that you define and an official group (such as all employees) to which all members must belong. Creating an access group instead of just using an ad hoc group allows you to benefit from updates to official university data. For example, if your access group requires a person to be both a member of your ad hoc group AND the all-employees official group, then the moment a group member ceases to be an employee, they will automatically be removed from your access group. You will still want to remove them from your ad hoc group when you get a chance, but access to any services that require membership in the access group will be automatically revoked.


How to make an access group

  1. To use a composite group, first create an Ad Hoc group using the instructions for How to Create a Group and Add Members to Group. Be sure to note the name of the group so you can find it later.

  2. Next, create a new, empty group

    1. Navigate to the folder in which the group should reside

    2. Click the More actions button

    3. Select Create New Group

    4. Group Name: Use a name that indicates it is an access group

    5. Group ID: Leave as is

    6. Description:  Write a description that explains what this group will be used for

    7. Press the save button

  3. Select More actions from inside the empty group

  4. Select Edit composite

  5. Click the Yes radio button; new menu options will appear below the button

  6. First Factor Group: This group is the Ad Hoc group you created earlier. Search by group name

  7. Operation: Choose and (intersection) to allow for auto-deprovisioning

  8. Second Factor Group: This group is an official group you want to cross your ad hoc group with. A common selection would be “All Employees.” Search by group name and select the group you want to use (click here to see definitions for official campus groups)

  9. Press the save button


Create Include/Exclude Composite Groups

  1. Create a group. Do not add any members. Only empty groups can be made Include/Exclude Composite groups.
  2. Open the More actions drop-down menu and select Attribute Assignments.

  3. In the group's Attribute Assignments page, click on + Assign attributes.
     
  4. Type include in the Attribute name text box, select etc:legacy:attribute:legacyGroupType_addIncludeExclude from the drop-down menu options, and then click save.


  5. Verify that the attribute assignment is as follows:
    • Assignment type: Direct assignment
    • Attribute name: legacyGroupType_addIncludeExclude
    • Enabled?: enabled
    • Assignment values: leave blank
    • Attribute definition: legacyGroupTypeDef_addIncludeExclude


  6. In the folder where the group is located, there should now be intermediate groups that make up the overall group. Please note that membership updates in Include/Exclude-type composite groups CANNOT be made to the overall group directly. Instead, membership updates should be made to the "includes", "excludes", or "system of record" intermediate groups. The overall group membership consists of members in the "system of record" PLUS "includes" groups MINUS the "excludes" group members.
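The membership rules for access groups (ad hoc AND official) and for Include/Exclude groups (system of record PLUS includes MINUS excludes), as an added example that is not part of CalGroups or the original guide. It models the rules on plain lists of UIDs so you can audit exported member lists offline; all function names and sample UIDs are constructed.

```python
def access_group(ad_hoc, official):
    """'and (intersection)' composite: a member must be in both factor groups."""
    return sorted(set(ad_hoc) & set(official))


def stale_ad_hoc_members(ad_hoc, official):
    """Ad hoc entries the composite already dropped; remove them by hand."""
    return sorted(set(ad_hoc) - set(official))


def include_exclude(system_of_record, includes, excludes):
    """Overall membership plus intermediate-group entries worth reviewing."""
    sor, inc, exc = set(system_of_record), set(includes), set(excludes)
    return {
        "overall": sorted((sor | inc) - exc),
        # Listed in both groups: the exclude wins, so the include does nothing.
        "included_and_excluded": sorted(inc & exc),
        # Also in the system of record: the include keeps this person a
        # member even after the system of record drops them.
        "includes_overlapping_sor": sorted(inc & sor),
        # Removes nobody who would otherwise be a member.
        "excludes_without_effect": sorted(exc - sor - inc),
    }


# Constructed sample UIDs.
AD_HOC = ["1000001", "1000002", "1000003"]
ALL_EMPLOYEES = ["1000001", "1000003", "1000009"]

if __name__ == "__main__":
    print("access group:", access_group(AD_HOC, ALL_EMPLOYEES))
    print("clean up in ad hoc group:", stale_ad_hoc_members(AD_HOC, ALL_EMPLOYEES))
    report = include_exclude(["1", "2", "3"], ["3", "4", "5"], ["2", "5", "9"])
    for key, value in report.items():
        print(f"{key}: {value}")
```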


Export Members from Group

  1. Navigate to the group you want to export data from

  2. Click the More actions button

  3. Select Export members

  4. Choose all member data

  5. Press the export button

  6. Your file will download as a .csv file. Open and save as appropriate.

  7. Click return.



How to Add to My Favorites

Use My Favorites to quickly access your most-used groups and folders. To add a group or folder to My Favorites:

  1. Navigate to the group or folder

  2. Click the More actions button

  3. Select Add to my favorites
     


Understanding The Difference between Groups and SPAs

When you search in CalGroups for a SPA, you can now see the account as well as the SPA group. Formerly, you were only able to see the group.

Any user in CalGroups can see a SPA. SPA groups have more restrictions. You can only see the group if you are in the group. In the screenshot below, search results for “calnet-coordinator” return both the group and the SP_Account, because the user doing the search is a member of the SPA group.

[Screenshot: search results for “calnet-coordinator”]


How to Change a Group's Name

Only admins of a group have the ability to change a group's name and ID.

  • Navigate to the group you want to rename
  • Click the group name
  • Select "more actions"
  • Select "edit group"
  • Change both the Group Name and Group ID
  • Click save
  • The name change will be reflected in any downstream systems (LDAP, AD, Google) as provisioned.

Differentiating accounts with similar names in search

The recent release included a change to how all names are displayed. When searching, names will appear as: UID - name - department name

[Screenshot: search results for “Scanlan”]

Notice that when names appear in the search results, if the user is an employee or affiliate, it will show their department; otherwise, it will show Non - FSA to indicate that they are not an employee/affiliate.

In the screenshot above, the search for “Scanlan” shows Summer’s Guest Account (non-FSA), her employee account (with department listed) and a variety of test SPAs.


cn (common name) and displayName

Also in the recent release: all names (including SPA names) are displayed using cn convention. Hover over a name in a group and you will see the UID, displayName and department of the record. 

Person Example:

cn: Scanlan, Summer

displayName: Summer S Scanlan

Search results for “Scanlan” will return as cn. Hovering over a record shows the display name and additional info:

[Screenshot: hovering over a record in the search results]

SPA Example:

cn: SP_Account, Calnet-coordinator

displayName: Calnet-coordinator SP_Account

SPA group: group-spa-calnet-coordinator

CalGroups search results show cn. See the example for “calnet-coordinator,” below:

[Screenshot: search results for “calnet-coordinator”]



Support 

Request access via a folder space using ServiceNow.

If you have questions about CalGroups, including API questions, contact: calnet-admin@berkeley.edu.