We are doing a lot of eligibility work at penn.
A "grouper rule" is for an ad hoc direct membership group where you want people to fall out if something happens (not active anymore). If they are eligible in the future they will not be put back in the ad hoc group unless someone adds them (go through an intake process).
A grouper composite will remove the person from the overall group if they are no longer eligible, but then if they become eligible again, they will be in the overall group.
Penn has been using composites recently and rely on a deprovisioning process (largely through attestation) to remove individual assignments when people leave.
An example is the project to implement banner. To get access to resources someone needs to be in an ad hoc list for the team, needs to be an active employee or contractor, needs to be enrolled in two-step authentication, needs to have done three trainings, and the FERPA training is yearly. For each of these we have overrides to grant temporary access in a pinch. E.g. if someone is having trouble with the LMS, if a BA let someone’s contractor affiliation lapse when it shouldn’t, etc. It’s a complex visualization, but here goes
The three groups on the left are the ad hoc team groups. The next stuff is the eligibility and exceptions. The ngssTeamAll is the reference group that is used in all the policy groups to the right of it (box, confluence, jira, email, Clarizen, banner, etc)
