Identity and Access Management

Common terms in Grouper

Last modified 4/29/2024

This page highlights some of the common terms that you will hear or see when working with Grouper.

  • Stem: folder or directory inside of Grouper
  • Group: a collection of users
    • Basis group: a group created by administrators and used to create reference groups
    • Reference group: a group that is shared and made readily available to teams/departments for doing “Group Math” (see below)
    • Policy group: a group that is published to the directory and has group math behind it
      • Allowed users – Denied users = Policy group
        • Allowed and denied groups are referred to as Intermediate groups; they could also be called “staging groups”, as they are used in the calculation/creation of other groups
  • Group Math: used to create populations composed of subsets of other populations (reference groups are typically utilized)
    • All employees – student employees = full-time employees only
  • Attestation: used to request validation that a population is still valid or accurate
    • Every 180 days the sponsor for a group is sent an email requesting that the population of the group be reviewed for validity and accuracy
  • Loader jobs: automation behind populations that are maintained by Grouper
    • Can be used to pull populations based on SQL queries or LDAP/AD filters, or run against Grouper's own internal ABAC system
      • Recent memberships can also be utilized for the automation of group population
        • Recent memberships are available when a user was a member of a group and is then removed from it; the loader job identifies them as a “recent member”, and they can populate another group
  • Membership Requirement: these are implemented as "eligibility" groups. When a membership requirement is in place, a user cannot be added to the group unless they are already a member of another specified group and therefore "eligible" to be in the group.
  • ABAC: Attribute based access control
  • RBAC: Role based access control
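
The group math, policy group and membership requirement terms above, modelled with plain sets as an added example. This is not Grouper's code or API; every group name, user ID and function name is constructed for illustration.

```python
# Added illustration: models the glossary terms with plain Python sets.
# This is not Grouper's API; every name and user ID below is constructed.

# Reference groups (constructed sample populations)
REFERENCE = {
    "all_employees": {"alice", "bob", "carol", "dave"},
    "student_employees": {"carol", "dave"},
    "security_training_done": {"alice", "carol"},
}


def group_math(include, exclude):
    """Union of the include groups minus the union of the exclude groups."""
    included = set().union(*(REFERENCE[g] for g in include))
    excluded = set().union(*(REFERENCE[g] for g in exclude))
    return included - excluded


def policy_group(allowed, denied):
    """Allowed users - Denied users = Policy group; a deny entry always wins."""
    return set(allowed) - set(denied)


def add_member(group, user, eligibility):
    """Membership requirement: only add users already in the eligibility group."""
    if user not in eligibility:
        raise PermissionError(f"{user} is not eligible for this group")
    group.add(user)
    return group


def build_policy_group():
    # Intermediate ("staging") groups that feed the policy group
    allowed = group_math(["all_employees"], ["student_employees"])  # full-time only
    denied = {"bob"}  # constructed deny entry
    return policy_group(allowed, denied)
```

A user present in both the allowed and denied intermediate groups never reaches the policy group, which is why the deny side is the place to record exceptions.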