Workgroup mapping to set up user roles
Workgroup role mapping allows you to easily maintain permissions by assigning a user role to an entire workgroup.
Warning: Changing workgroup role mapping could lock you out of your site. Please use caution when mapping roles to workgroups.
What’s a Workgroup?
A workgroup is a list of members in a group, identified by their SUNet IDs, and given a name that uniquely identifies it. A workgroup may also contain subgroups — other workgroups identified by their name.
Workgroups come in two flavors:
- Organization workgroups: owned and managed by groups of people in departments, divisions, or projects (e.g., its:directors, gsb:affiliates, helpdesk:consultants)
- Individual workgroups: owned and managed by individuals (e.g., ~jdoe:book_exchange)
Learn more about workgroups.
Where do I go to create or manage Workgroups?
All Stanford community members with active SUNet IDs are able to create personal workgroups with their ~sunetid stem. To add members to an existing workgroup, you must be an administrator of that workgroup. To create a group with an organizational stem, you must be a designated maintainer for that stem. Log in to Workgroup Manager.
Learn more about creating and managing workgroups
How can I use workgroups?
You can use workgroups to assign editing rights for your website through role mapping. We recommend using organizational workgroups for continuity as staffing changes.
The default Drupal roles for a new site include:
- Site Editor
- Site Manager
Only Site Managers can assign existing roles. Only Site Administrators can create new roles or modify permissions for existing roles.
Learn more about managing user accounts
Set up Workgroup Role Mapping
Log in to your Stanford Site.
From the admin menu bar, navigate to Configuration > Users > SimpleSAML.
Select the Drupal Role, enter the Workgroup, then click the Add Mapping button.
Drupal role(s) are assigned automatically to people who log in via Web Login with their SUNet ID, based on their workgroup membership(s).
When adding a new workgroup role mapping, logged-in users may need to log out and back in again to receive the new role.
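
A check to run before changing a mapping, given the lockout warning above. This is an added example, not part of the original page or of the site's own code: it expands each workgroup (including subgroups) into SUNet IDs and reports any required role that a proposed mapping would leave with no holders. The function names, the directory structure and the sample workgroups are constructed assumptions; only the role names come from the page.

```python
# Added illustration: names and data below are constructed, not from the site.

def expand(workgroup, directory, _seen=None):
    """Return all SUNet IDs in a workgroup, following subgroups.

    `directory` maps workgroup name -> {"members": [...], "subgroups": [...]}.
    `_seen` guards against subgroup cycles (a includes b, b includes a).
    """
    seen = set() if _seen is None else _seen
    if workgroup in seen or workgroup not in directory:
        return set()  # already visited, or unknown workgroup: no members
    seen.add(workgroup)
    entry = directory[workgroup]
    ids = set(entry.get("members", []))
    for sub in entry.get("subgroups", []):
        ids |= expand(sub, directory, seen)
    return ids


def roles_after_login(mapping, directory):
    """Map each role to the SUNet IDs that would receive it at next login."""
    holders = {}
    for role, workgroup in mapping:
        holders.setdefault(role, set()).update(expand(workgroup, directory))
    return holders


def lockout_report(mapping, directory, required_roles=("Site Manager",)):
    """List required roles that nobody would hold under `mapping`."""
    holders = roles_after_login(mapping, directory)
    return [r for r in required_roles if not holders.get(r)]


# Constructed sample directory (hypothetical workgroups and SUNet IDs).
DIRECTORY = {
    "dept:web-managers": {"members": [], "subgroups": ["dept:web-leads"]},
    "dept:web-leads": {"members": ["jdoe"], "subgroups": ["dept:web-managers"]},
    "dept:web-editors": {"members": ["asmith", "jdoe"], "subgroups": []},
    "dept:retired": {"members": [], "subgroups": []},
}
CURRENT = [("Site Manager", "dept:web-managers"), ("Site Editor", "dept:web-editors")]
PROPOSED = [("Site Manager", "dept:retired"), ("Site Editor", "dept:web-editors")]

if __name__ == "__main__":
    print("current :", lockout_report(CURRENT, DIRECTORY))
    print("proposed:", lockout_report(PROPOSED, DIRECTORY))
```

An empty report means every required role still has at least one member; a workgroup that is empty, misspelled or unknown shows up as a role with no holders.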