Security :: Affiliations and Groups


The terms Affiliations and Groups are used to define the roles and relationships people have with HSU. Affiliations are represented in two ways: in the user’s record or as a member of a particular group. At HSU, affiliations are published in LDAP user records in the eduPersonAffiliation attribute, and in AD and LDAP under HSU-Groups.

Common HSU affiliations include:

  • Faculty
  • Instructor
  • Staff
  • Student

LDAP user records are updated nightly to include any newly active affiliations. The eduPersonAffiliation attribute is multi-valued and contains all the affiliations for which a user qualifies. Only special accounts can view the contents of the eduPersonAffiliation attribute; access to these accounts may be granted by special request.

A user may have many affiliations, but a user who lacks a current or former affiliation is designated inactive.

Affiliation-based groups

Most applications are able to use groups more easily than user records. Affiliation-based groups are maintained for LDAP and Active Directory (AD) in HSU-Groups. The most common use of affiliation-based groups is to control workstation and server access using Windows Active Directory. In addition to top-level affiliation-based groups such as Student, Staff, and Faculty, a number of other dynamic groups are maintained by the identity registry (Account Settings).

Enrollment-based groups

  • Term Codes and CRNs: Groups consisting of enrolled students and instructor, sorted by term code and CRN

  • BLDG-Room: Students currently enrolled (Current Term) in a scheduled room.

Departmental groups: Majors, Faculty, Instructors, and Staff

Dynamic (automatically created and maintained) groups for Majors, Faculty, and Staff are located in Active Directory and OpenLDAP and are based on PeopleSoft HCM. These groups are updated nightly, and a container for each college or department has been created under the HSU-Groups organizational unit. In the case of colleges, organizational unit containers are created for each department listed in PeopleSoft HCM. Within each department, groups are created for department-faculty, department-staff, department-instructor, department-major, and department-major-grads.


AD/LDAP | hsu-groups | NRS | NRS-BIOL | nrs-biol-majors
nrs-biol-biol (Biology Department Majors)
nrs-biol-bot (Department of Biology: Botany Majors)
nrs-biol-zool (Department of Zoology: Zoology Majors)

Faculty Affiliation Details (updated nightly)

User LDAP Record contains Faculty under calstateEduPersonAffiliations.
User is added to AD/LDAP group Faculty under HSU-Groups.
Criteria for Faculty Affiliation
1.  Current Active job record in PeopleSoft w/ union_cd = 'R03'
2.  Current Active POI type 00101 (Emeritus Faculty).
3.  Current Active POI type with description containing the word 'Faculty'
        00209  Adjunct Faculty
        00315  Adjunct/Associate Faculty
        00101  Emeritus Faculty
        00102  Exchange Faculty
        00103  Exchange Faculty Dependent
        00325  Future Hire Faculty
        00305  Volunteer Faculty-Non Teaching
        00300  Volunteer Faculty-Teaching
4.  Current contract in ps_csu_cntrct_data with status of A or P

Instructor Affiliation Details (updated nightly)

User LDAP Record contains "Instructor" under calstateEduPersonAffiliations.
User is added to AD/LDAP group "Instructor" under HSU-Groups.
Criteria for "Instructor Affiliation"
1.  Assigned to teach a class.
       1.  strm = any term that hasn't ended
       2.  listed as an instructor in ps_class_instr

Staff Affiliation Details

(These rules pick up faculty as well; staff is what is left over after faculty are split out.)
1.  active job record in ps_jobs
       1.  empl_class != 'S'  -- exclude students
       2.  hr_status = 'A'  -- active status
       3.  last name not like 'Do NOT USE%' -- not a mistaken entry
2.  Active Contract in ps_csu_cntrct_data
       1.  cntrct_exp_end_dt >= today   -- contract still in effect
       2.  contract_status in ('A', 'P')
       3.  last name not like 'Do NOT USE%' -- not a mistaken entry
3.  Active POI record
       1.  expected end date is null or >= today
       2.  last name not like 'Do NOT USE%' -- not a mistaken entry
       3.  POI_type in
                       00010 Other
                       00100 Future Hire
                       00101 Emeritus Faculty
                       00102 Exchange Faculty
                       00105 Volunteer
                       00202 Campus Guest
                       00203 Auxiliary-Foundation
                       00300 Volunteer Faculty-Teaching
                       00305 Volunteer Faculty-Non Teaching
                       00310 Recruitment Committee Member
                       00315 Adjunct/Associate Faculty
                       00320 University Center
                       00325 Future Hire Faculty
                       00330 Future Hire Staff
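
The Faculty and Staff criteria above, written as predicates over constructed records. This is an added example, not HSU's provisioning code. The record layout, the keys last_name, expected_end_dt and poi_type, and the reading of "Current Active" as the same activity tests the Staff rules spell out are assumptions.

```python
from datetime import date
# POI type codes copied from the page's Staff (rule 3.3) and Faculty (rules 2-3) lists.
STAFF_POI = {"00010", "00100", "00101", "00102", "00105", "00202", "00203",
             "00300", "00305", "00310", "00315", "00320", "00325", "00330"}
FACULTY_POI = {"00209", "00315", "00101", "00102", "00103", "00325", "00305", "00300"}

def _active_jobs(p):
    return [j for j in p["jobs"] if j["hr_status"] == "A"]

def _active_contracts(p, today):
    return [c for c in p["contracts"]
            if c["cntrct_exp_end_dt"] >= today and c["contract_status"] in ("A", "P")]

def _active_pois(p, today):
    return [r for r in p["pois"]
            if r["expected_end_dt"] is None or r["expected_end_dt"] >= today]

def is_faculty(p, today):
    # Assumption: "Current Active" means the same activity tests as the Staff rules.
    return (any(j["union_cd"] == "R03" for j in _active_jobs(p))
            or any(r["poi_type"] in FACULTY_POI for r in _active_pois(p, today))
            or bool(_active_contracts(p, today)))

def is_staff_candidate(p, today):
    if p["last_name"].startswith("Do NOT USE"):  # SQL: not like 'Do NOT USE%'
        return False
    return (any(j["empl_class"] != "S" for j in _active_jobs(p))
            or bool(_active_contracts(p, today))
            or any(r["poi_type"] in STAFF_POI for r in _active_pois(p, today)))

def affiliation(p, today):
    """Faculty are split out first; Staff is whatever candidate remains."""
    if is_faculty(p, today):
        return "Faculty"
    return "Staff" if is_staff_candidate(p, today) else None

# Constructed sample records; empl_class "X" and union_cd "ZZZ" are placeholders.
TODAY = date(2024, 3, 1)
def person(last_name, jobs=(), contracts=(), pois=()):
    return dict(last_name=last_name, jobs=list(jobs), contracts=list(contracts), pois=list(pois))

PEOPLE = {
    "lecturer": person("Rivera", jobs=[{"empl_class": "X", "hr_status": "A", "union_cd": "R03"}]),
    "analyst": person("Chen", jobs=[{"empl_class": "X", "hr_status": "A", "union_cd": "ZZZ"}]),
    "student_asst": person("Okafor", jobs=[{"empl_class": "S", "hr_status": "A", "union_cd": "ZZZ"}]),
    "guest_open": person("Marsh", pois=[{"poi_type": "00202", "expected_end_dt": None}]),
    "bad_entry": person("Do NOT USE - dup", jobs=[{"empl_class": "X", "hr_status": "A", "union_cd": "ZZZ"}]),
}
RESULT = {name: affiliation(rec, TODAY) for name, rec in PEOPLE.items()}
```

Under these assumptions a person whose only record is an active contract is classified Faculty, because Faculty rule 4 matches before the Staff rules are applied.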