Workgroup Mapping and User Roles
Workgroup role mapping allows you to easily maintain site editing permissions by assigning a user role to an entire workgroup.
Warning: Changing workgroup role mapping could lock you out of your site. Please use caution when mapping roles to workgroups.
What’s a workgroup?
A Stanford workgroup is a list of members in a group, identified by their SUNet IDs, and given a name that uniquely identifies it. A workgroup may also contain subgroups — other workgroups identified by their name.
Note: For the purposes of mapping Workgroups to Drupal roles, Workgroup administrators will receive the role regardless of whether they are explicitly listed as members of the Workgroup.
Stanford workgroups come in two flavors:
- Organization workgroups owned and managed groups of people in departments, divisions, or projects (e.g., its:directors, gsb:affiliates, helpdesk:consultants)
- Individual workgroups owned and managed by individuals (e.g., ~jdoe:book_exchange)
Learn more about Stanford workgroups.
Where do I go to create or manage workgroups?
All Stanford community members with active SUNet IDs are able to create personal workgroups with their ~sunetid stem. To add members to an existing workgroup, you must be an administrator of that workgroup. To create a group with an organizational stem, you must be a designated maintainer for that stem. Log in to Workgroup Manager.
Learn more about creating and managing workgroups.
How can I use workgroups?
You can use workgroups to assign editing rights for your website through role mapping. We recommend using organizational workgroups for continuity as staffing changes.
The editing roles for a new site include:
- Site Editor
- Site Manager
Only Site Managers can assign roles. Stanford Sites has set permissions for each of these roles to support a consistent editing experience across websites. It is not possible to create new roles unique to your site or modify permission for these roles.
Learn more about managing user accounts.
Set up workgroup role mapping
- From the admin menu bar, navigate to Configuration > Users> SimpleSAML.
- Select the Role, enter the Workgroup, then click Add Mapping button:
Role(s) are assigned automatically to people who log in via Web Login with their SUNetID, based on their workgroup membership(s).
When adding a new workgroup group role mapping, logged-in users may need to log out and back in again to receive the new role.
Roles for page access on intranets
In addition to the editing roles mentioned above, sites on the Stanford Sites Intranet platform can have custom roles used to control access to individual pages on the intranet. The roles are added by Stanford Web Services when your site is built or can be created later. These roles can be assigned to individual users, or you can use the same role-mapping technique listed above with a workgroup.If you have a Stanford Sites intranet and need help with roles, contact SWS for assistance.