User groups for access control

What are groups of people?

IAM automatically creates user groups for an organizational unit, enabling you to automatically assign access rights to all employees within that unit. For example, if you want all employees currently working for you to have access to a file server and/or a task-specific email account, you can add the user groups “Full-time University Staff” and/or “Part-time University Staff” (e.g., student assistants) as members of the corresponding security group in the IAM portal. These user groups are automatically populated based on data from the HR system. This eliminates the need for manual assignment of access rights.

Example (german only):

view Example of how to use a group of people — Figure 1: Example of how to use a group of people

By adding the user group “Rechenzentrum / IT Support: Full-time University Staff | User Group” as a member of a security group, all members of the group will be granted access to the network drive. This allows you to adjust permissions for multiple users at the same time.

When can groups of people be deployed?

User groups can be used not only to assign permissions for file servers, but also, for example, to grant access to task-specific email accounts and to add users to distribution lists.

If not all members of a user group (full-time or part-time) are supposed to access a task-based data service, you cannot use the user group and must continue to manage access rights manually. If additional users who do not belong to your organizational unit are to be granted access rights, they can be added as members to the data service’s security group in addition to the user groups.

What types of people are available, and who belongs to these groups?

Group of people	Members of the organizational unit
Full-time university staff	Non-academic staff Academic staff
Full-time academic staff at the university	Full-time academic staff
University staff (academic)	Academic staff other than student and research assistants, i.e., in addition to full-time academic staff: Adjunct professors Honorary professors Lecturer Private lecturers Retired professors Emeritus
University staff working part-time	Student and research assistants (Please note that this group includes only student assistants who have a staff user account.) Unscheduled Adjunct professors Honorary professors Lecturer Private lecturers Retired professors Emeritus

All organizational units can use user groups. Each organizational unit automatically has two or three user groups that are managed centrally and cannot be modified manually.

How are the names of groups of people formed?

The name of a group of people consists of three components:

Long description from the org code (The org code can be found at zuvportal.uni-bamberg.de under “Organizational Management” on the “Complete Org Codes / With Legend” page in columns f05 and f06)
Type of group (full-time university staff, part-time university staff, academic university staff)
Cost center (column f01 from the organizational key mentioned above)

Display name format: Full name: Type (Cost Center) | Person Group
Example: Rechenzentrum / IT Support: Full-time University Staff (Cost Center 410270) | Employee Group

Please note: A cost center ending in 99 and containing the designation “not divisible” in its name does not include all individuals from cost centers xxxx01 through xxxx98.

Aggregated groups of people

The following service units can use this member management system not only at the departmental level but also for all employees of the unit (= aggregated groups of individuals):

Bamberger Zentrum für Lehrerbildung
Rechenzentrum
Sportzentrum
Universit?tsbibliothek

Aggregated user groups are only available for service units, as these have subdivisions; in other words, there are no user groups such as “SOWI Faculty.”

Do you have any questions?

Information about security groups

IT-Support
Telephone: +49 951 863-1333
E-Mail: it-support(at)uni-bamberg.de