Create an Access Policy Group for a New Application in Grouper at U-M

Overview

Access Policy groups in Grouper at U-M control access to services. They are composite groups made up of an _allow group minus a _deny group.  The composite structure provides basic functions needed to manage access and clearly shows the policy definition of who is allowed access and why they have access.  This document provides instructions on how to create Access Policy Groups for a new application. 

Note: Refer to the breadcrumb structure at the top of your Grouper screen at any time to see where you are Grouper. 

    Create an Access Policy Group

    1. Log in to Grouper at U-M.
    2. Navigate to the applicable application folder in the Browse Folders section to create an application folder for the new application and click to open. 
    3. Select Run template under the More actions drop-down list. 
    4. Select Application in the Run Template drop-down list. 
    5. Enter the appropriate information in the Key and Friend Name fields and add a Description
      Note: Hyphens cannot be used in the Key field. 

       
    6. Click Next
    7. Click Submit.
      • The "Best Practice" folder appears at the bottom of your screen in order to create your application. You do not need to make any changes.
      • Grouper will take a few minutes to create your application. Once you see the new application folder in your directory, you can create an Access Policy Group for your application. 
    8. In your new application folder, navigate to Service > Policy and click to open the Policy folder. 
    9. Select Run template from the More Actions drop-down list. 
    10. Select Policy group from the Template Type drop-down list. 
    11. Add applicable information to the Key and Friend Name fields and a Description.
    12. Click Next
      Note: The ‘"Best Practice" folder structure for an Access Policy Group now appears at the bottom of your screen. You have the option to add groups to manually allow or deny an individual access to your application. 
    13. Click Submit.
      Note: When you click on your Access Policy Group, you can view the components of the composite group defined. See the example below.

    Additional Information 

    Last Updated: 
    Monday, December 6, 2021