Group Inheritance
Opendium systems have a powerful grouping mechanism which is configured on the Users & Groups page, with groups organised into a tree, and users, networks and individual computers assigned to one or more of the groups. Settings, such as web filtering, permissions, etc. can be set on each group and by default are inherited by the groups, users and networks within. This is a very flexible approach, allowing global configuration to be set for the root Everyone group, and then refined in the more specific groups, relaxing filters for staff or tightening them for students, for example.
When the system needs to check the configuration, it looks to see which groups apply. For example, when a user accesses a web page, the web proxy will look to see which groups the authenticated user who's making the request is a member of, and which groups contain networks to which the requesting IP address belongs.
Consider the following common group configuration, which is based on our recommended group structure:
- GROUP: Everyone
- GROUP: Administrators
- GROUP: Anonymous
- GROUP: Networks
- NETWORK: 10.0.0.0/8
- NETWORK: 2001:DB8:c0ff:ee00::/56
- GROUP: LAN
- NETWORK: 10.0.0.0/16
- NETWORK: 2001:DB8:c0ff:ee00::/58
- GROUP: Servers
- NETWORK: 10.0.254.0/24
- NETWORK: 2001:DB8:c0ff:ee3f::/64
- GROUP: Wifi
- GROUP: Staff wifi
- NETWORK: 10.1.0.0/16
- NETWORK: 2001:DB8:c0ff:ee40::/64
- GROUP: Student wifi
- NETWORK: 10.2.0.0/16
- NETWORK: 2001:DB8:c0ff:ee41::/64
- GROUP: Guest wifi
- NETWORK: 10.3.0.0/16
- NETWORK: 2001:DB8:c0ff:ee42::/64
- GROUP: Unfiltered wifi
- NETWORK: 10.4.0.0/16
- NETWORK: 2001:DB8:c0ff:ee43::/64
- GROUP: Staff wifi
- GROUP: Users
- GROUP: Staff
- GROUP: Students
- GROUP: Lower school
- GROUP: Year7
- GROUP: Year8
- GROUP: Year9
- GROUP: Upper school
- GROUP: Year10
- GROUP: Year11
- GROUP: Sixth form
- GROUP: Year12
- GROUP: Year13
- GROUP: Lower school