Role Based Access Control:
Group Access Admin
Group Access Admin, often referred to as GRO, allows active users to create and manage their own manual groups. OIT also creates many standard university groups automatically based on business policy. The goal of Group Access Admin is to grant rights to individuals and groups of users so they can access needed network applications, services, and information. It is also designed to prevent unauthorized access to services by those who do not have a legitimate need. Access for university personnel is based on groups contained within the Group Reference Object database commonly referred to as the "GRO" database.
Attribute-Based Access Control:
The_ABACUS is a tool that BYU uses to grant access to systems. ABACUS stands for Attribute-Based Access Control User System. This tool provides a simple and efficient way to authorize users for a particular function, based on the policies associated with that function. The_ABACUS has the ability to quickly look up attributes, thus greatly improving the speed and efficiency of the authorization process. After a user logs into the system and then tries to access a resource, the system asks The_ABACUS if this user has access to the requested resource. The_ABACUS checks the associated policies, and then sends back a response to the user saying whether he/she is permitted to access the resource or not.
Any active employee or student can create and manage their own manual groups by going to the Group Access Admin (GRO) page. If a manual group needs to be linked to a standard university group, such as student or employee, it can be requested by calling BYU IT Support.
See the User Guide for detailed instructions on accessing the Group Access Admin Service.
There is no charge for use of this service.
The feedback box, located below, is intended for general comments on this page or service information and NOT for help with specific technical issues you are having with the service itself. If you would like a response to your feedback, be sure to include your contact information or log into it.byu.edu using the login button at the top of this page.