labkey allows us to create groups of users. it does not directly allow the create of groups based on other groups (as far as i know).

it's very common for a given action (like whether a button shows up) to be limited to members of some number of groups. rather than create and maintain membership in a new group specifically for each purpose like this, it would be preferable to define some type of group based on other groups. often these conditions are more complex and cannot be correlated with 'does user have read/write access to the folder where a given query is located'. likewise they dont correlate with dataset security. frequently in certain cases we might expose UI to allow a certain user group to write to a table, but in other situations we dont want that exposed.

if I have JS code on a page, one option would be to hard encode the list of allowable groups and have the code ask 'is the user a member of groups X,Y or Z'. The downside is that these groups are hard coded. The labkey way of testing security seems to be doing something like 'does user have read/write/edit access to folder X'. One way to solve my problem is to create a dummy folder that has nothing to do with the folder where the UI is located. I could then give different user groups different levels of access to this folder. my JS code could then ask 'does the user have read access to this folder'. if true, i show the button. this would do exactly what I need it to do and would actually be somewhat versatile since by giving different groups different levels of folder access a lot of info could be stored in the permissions from 1 folder. however, creating a folder without any content to handle this security purpose seems odd. Is it a reasonable approach and/or is there a better one?