University Lookup Directory
Explanation of terms in the directory
- Who is in the directory?
- What is a "institution" in the directory?
- What is a "group" in the directory?
- What are "institution members" in the directory?
- What does "suppress" mean in the directory?
- What does "membership visibility" mean?
- What does "privileged access" mean?
Who is in the directory?
The directory contains information about every person and every University institution known to the Computing Service. This includes all University students and almost all staff, as well as most of the staff employed by Colleges and other associated institutions, as well as a small number of affiliated institutions (see the Terms and Conditions for details of these).
An individual who has exercised the right to make all their directory data private will not be visible to users of the directory except as a CRSid without an associated name.
A few other CRSids (duplicates issued for testing purposes, course identifiers and so on) also appear in the directory.
What is a "institution" in the directory?
Institutions in the directory are the institutions recorded in the Computing Service database, Jackdaw. They include the obvious Departments and Colleges, and a variety of other institutions. In the Computing Service database every individual belongs to exactly one institution, but in the directory it is possible to belong to more than one institution.
Within Colleges and within some postgraduate courses, students are treated as separate "child institutions" with a separate list of members, usually one for undergraduates and one for graduates. Institutions may choose to subdivide their own institutional data to include child institutions not known to Jackdaw.
What are "institution members" in the directory?
The members page for an institution shows all the names (or CRSids if the name is private), and email addresses and phone numbers if not private, of people in the directory who are members of the institution. Members of child institutions are initially only listed within the child institution and not in the main institutional members' list.
A person becomes a member of an institution either by belonging to that institution in the Computing Service database, or when the editors' group for the institution itself adds them to the institutional members' list. You cannot add yourself to an institution.
What is a "group" in the directory?
A group in the directory is just a list of CRSids identifying people who have some particular authorisation or rights. It is not directly connected with other groups in the University such as research groups.
Initially the groups mechanism was used to create groups who have the right to edit a particular institution's data; but it can also be used to control a variety of types of privileged access to resources.
What does "private" mean in the directory?
Any data item which a user chooses to make private in the directory cannot be seen except by that user and by the editing group for the institution(s) to which the user belongs (or in the case of group membership by the managers of the group concerned). In all these cases the item is marked as being private; other users (whether of the web interface or of LDAP) cannot see it at all.
Items can be made private individually (on the user's editing page or groups page) or all at once; the only items which cannot be made private are institution and CRSid. You can also choose to make private by default, for your data, any attributes that may be added in future to the directory.
What does "membership visibility" mean?
When a group is set up in the directory, the managers of the group decide how visible the membership of the group should be. It may be visible
- to any user with a Raven password or using LDAP from an @cam address
- to members of the group only
- to the managers of the group (and possibly to others with "privileged access" as described below)
- in principle, to the world
Any user may individually alter the visibility of his or her own membership of a group. In the first two cases above, the user looking at the group membership will only see those members who have not chosen to be invisible. The managers of the group can always see all members.
What does "privileged access" mean?
As described above, the managers of a group can see all members of the group. Group managers are also allowed to change the properties and membership of the group. It is sometimes appropriate to have a further set of people who are allowed to see all members of the group (for instance, in order to give them certain privileges of access to web pages or other resources), but who are not allowed to change anything relating to the group.
A group may therefore, in addition to its management group(s), have one or more "privileged access" groups, the members of which can read all the information about the group but not change it.