Grouper is owned and maintained by the Office of Identity and Access Management team. Below are the key points about how permissions are handled in Grouper:

• Structure of core folders in Grouper is standardized across teams
• Grouper is, by default, a tool that uses the concept of "least privilege"
• Groups are owned by their governing team
  • Visibility of groups is up to the owning team 
    • If you are not the owning team of the folder/group then, by default, you will not have access
    • Access can be requested via a ticket to the owning team
• When a group/folder is created the permissions can be inherited from the parent folder or set at that folder/group level
  • If the owner of the group has set this, then any group created in a folder after that point in time will be visible to those granted permission
• Documentation of membership flows are the responsibility of the owning team
  • How target groups are populated is to be documented in the owning teams documentation

See Also:

• What is Grouper?
• Assigning privileges for Group or Folder
• Assigning inherited privileges