Groups and Users

Introduction

Users can belong to one or more groups. This feature allows for access control and the addition of metadata to users. Groups can be automatically provisioned from the IDP, as explained in User Provisioning, enabling:

  • Access control for spaces, files, and folders.

  • Metadata assignment for system-wide use

Group & User configuration resulting in user Metadata

Groups and users can have configurations that serve various purposes, including:

  • Data Filtering: Leverage smartRules to effectively filter data.

  • Personalized Prompts: Add contextual information about users, such as their name or email address, for dynamic prompts based on the currently logged-in user.

  • Custom Calculations: Enable tailored calculations and logic within third-party modules.

More info on custom calculations: Deployment of Hosted SDK Module

API

Metadata for users and groups can be freely defined and managed through the API.

For more details, see the documentation: Managing groups & group members via API

When users belong to multiple groups, metadata inheritance follows a specific process:

  1. Alphabetical Group Sorting: Groups are sorted from A to Z.

  2. Progressive Overwriting: Metadata is inherited starting with group "A," with each subsequent group overwriting conflicting metadata from earlier groups. This means that metadata from group "Z" will take precedence over all others.

  3. User-Specific Configuration: Finally, the user-specific metadata is applied, overriding any group metadata in case of conflicts.

Example of Metadata Inheritance

Here’s an example to clarify how metadata is resolved when a user belongs to multiple groups.

A user named Jon belongs to the Group “A” and to the group “B“ and they have the following configurations.

Jon: userConfiguration: { location: "New York" favouriteFood: "Pizza" } Group A: groupConfiguration{ location: "London" headMaster: "Tom" additionalInfo: "Co-Working Space only" } Group B: groupConfiguration{ location: "Zurich" headMaster: "Michelle" bestBar: "OleOle" }

Resulting Metadata for Jon

Jon: { "Metadata": { "location": "New York", // From userConfiguration (overwrites group) "favouriteFood": "Pizza", // From userConfiguration "additionalInfo": "Co-Working Space only", // From Group A "headMaster": "Michelle", // From Group B (Group B > Group A) "bestBar": "OleOle" // From Group B } }

Conclusion

Using group and user metadata, you can:

  • Streamline access control.

  • Enhance system customization.

  • Build intelligent, metadata-driven features.


Author

@Andreas Hauri

 

© 2024 Unique AG. All rights reserved. Privacy PolicyTerms of Service