Stanford
Stanford Sites User Guide

Workgroup mapping to set up user roles

Workgroup role mapping allows you to easily maintain site editing permissions by assigning a user role to an entire workgroup.

Warning: Changing workgroup role mapping could lock you out of your site. Please use caution when mapping roles to workgroups.

What’s a Workgroup?

A workgroup is a list of members in a group, identified by their SUNet IDs, and given a name that uniquely identifies it. A workgroup may also contain subgroups — other workgroups identified by their name.

Note: For the purposes of mapping Workgroups to Drupal roles, Workgroup administrators will receive the role regardless of whether they are explicitly listed as members of the Workgroup.

Workgroups come in two flavors: 

  1. Organization workgroups owned and managed groups of people in departments, divisions, or projects (e.g., its:directors, gsb:affiliates, helpdesk:consultants)
  2. Individual workgroups owned and managed by individuals (e.g., ~jdoe:book_exchange)

Learn more about workgroups.

Where do I go to create or manage Workgroups?

All Stanford community members with active SUNet IDs are able to create personal workgroups with their ~sunetid stem. To add members to an existing workgroup, you must be an administrator of that workgroup. To create a group with an organizational stem, you must be a designated maintainer for that stem. Login to Workgroup Manager.

Learn more about creating and managing workgroups

How can I use workgroups?

You can use workgroups to assign editing rights for your website through role mapping. We recommend using organizational workgroups for continuity as staffing changes.

The editing roles for a new site include:

  • Contributor
  • Site Editor
  • Site Manager

Only Site Managers can assign roles. There is not currently a way to create new roles or modify permission for existing roles.

Learn more about managing user accounts 

Set up Workgroup Role Mapping

Log in to your Stanford Site.

From the admin menu bar, navigate to Configuration > Users> SimpleSAML

Select the Role, enter the Workgroup, then click Add Mapping button.

Workgroup Mapping--SWS User Guide

Role(s) are assigned automatically to people who log in via Web Login with their SUNetID, based on their workgroup membership(s).

When adding a new workgroup group role mapping, logged-in users may need to log out and back in again to receive the new role.

Roles for Page Access

In addition to the editing roles mentioned above, sites on the Stanford Sites Intranet platform can have custom roles that can be used to control access to individual pages on your intranet.  The roles are created by Stanford Web Services when your site is created, or the role can be created later. These roles can be assigned to individual users, or you can use the same role mapping technique listed above with a workgroup. If you have a Stanford Sites intranet and need assistance with creating roles, let us know.