Group Lookup in IAM
- Go to iam.bethel.edu
- Click Application > User Account Lookup
- Type the name of the group in the search box and click the appropriate result
- Under the Profile tab, there are many attributes listed. Here are some common ones that may be helpful to reference
- buDepartmentCode - This is the assigned department code (i.e. everyone in this department with automatically get the group, in coordination with buRoleConstraints)
- buDeptConstraints - This is the departments that members are allowed to request the group (in coordination with buRequestableGroup & buRoleConstraints)
- member - This list members (usernames) of the group with their full eDirectory context
- owner - This lists who approves new members of the group if it is requestable
- buRoleConstraints - What roles will automatically be members of the group (in combination with buDepartmentCode) or what roles can request the group (in coordination with buDeptConstraints and buRequestableGroup)
- buRequestableGroup - If present, the group is requestable. NOTE: If all members drop out of the owners group, this will be removed and the group will no longer be requestable. Systems will need to add it back
- buAccountLog - A log of certain activities of this group
Note for shared mailbox lookup: There will be both a MailboxAccess - group, along with the actual mailbox user. You will want to look at the MailboxAccess group.
Example: Nursing - Employees
Anyone with the NURS department code (buDepartmentCode) & STAFF, FACULTY, SPONSORED-STAFF, SPONSORED-FACULTY (buRoleConstraints) will automatically be members in the group
Anyone with STAFF, FACULTY, SPONSORED-STAFF, SPONSORED-FACULTY (buRoleConstraints) in any department (as there is no buDeptConstraints) can request the group and HR - Approvers can approve access (owner)