A dynamic group is a group, of any group class, whose list of members is considered a list of potential members. A dynamic group is created and populated with members like any other group. Whether or not a group is dynamic is part of the groups definition. It is recorded in the is_dynamic attribute and can be changed after the group is created. (In this application, is_dynamic is the field labeled Dynamic Group.
When a session is started, whether Content Server treats a user in a dynamic group as an actual member is dependent on two factors:
The default membership setting in the group object
Whether the application from which the user is accessing the repository requests that the user be added or removed from the group
You can use dynamic groups to model role-based security. For example, suppose you define a dynamic group called EngrMgrs. Its default membership behavior is to assume that users are not members of the group. The group is granted the privileges to change ownership and change permissions. When a user in the group accesses the repository from a secure application, the application can issue the session call to add the user to the group. If the user accesses the repository from outside your firewall or from an unapproved application, no session call is issued and Content Server does not treat the user as a member of the group. The user cannot exercise the change ownership or change permissions permits through the group.