COmanage Groups (CO Groups) are defined at the CO level, and CO Group Memberships attach to the CO Person. CO Groups are fairly basic; for more sophisticated needs, COmanage can be connected to Grouper using the Grouper Provisioning Plugin. By default, any CO Person can create a new CO Group.

CO Group Attributes

Open vs Closed

An open group is one that allows anyone to join: participants can self-join, and no administrator action is required. Memberships in a closed group can only be set by the group owner.

In addition, CO Administrators can manage any CO Group within their CO.

CO Group Membership Attributes

Member vs Owner

A group member is simply a participant in the group. A group owner has permission to add and remove members to and from the group, including closed groups. A CO Person can be a member, an owner, both, or neither.

The CO Person who creates a CO Group is automatically set as both a member and owner of the new group.

Special CO Groups

Admin Groups

Admin Groups are used to determine Registry Administrators. Admin Groups are automatically created when a CO or COU is created. The Platform Administrator typically sets the initial CO Administrator, and then the CO Administrators.

Since v1.1.0:

  • The admin group is indicated by the group type GroupEnum::Admins and a null cou_id. The default name for the group is CO:admins.
  • The admin groups for COUs are indicated by the group type GroupEnum::Admins and a non-null cou_id. The default name for COU admin groups is CO:COU:COU_Name:admins.

Prior to v1.1.0:

  • The admin group determines CO Administrators.
  • Groups of the form admin:couname determine COU Administrators.
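The membership rules above (open vs closed, owner, CO Administrator) can be modelled as one decision function. This is an added example, not Registry code: the `Group` record shape, the string type values, and the sample people and groups are constructed for illustration. It applies the "Since v1.1.0" rule, identifying the CO admin group by type and null cou_id rather than by name.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-ins for the group types named on this page; the real
# GroupEnum constant values are not given here and are not assumed.
ADMINS, STANDARD = "Admins", "Standard"

@dataclass
class Group:                      # hypothetical record shape, not the Registry schema
    name: str
    group_type: str = STANDARD
    cou_id: Optional[int] = None
    is_open: bool = False
    members: set = field(default_factory=set)
    owners: set = field(default_factory=set)

def is_co_admin(person: str, groups: list) -> bool:
    """Since v1.1.0 rule: type Admins with a null cou_id; the name is not consulted."""
    return any(g.group_type == ADMINS and g.cou_id is None and person in g.members
               for g in groups)

def membership_rule(actor: str, target: str, group: Group, groups: list) -> Optional[str]:
    """Return which rule lets `actor` add `target` to `group`, or None if none does."""
    if is_co_admin(actor, groups):
        return "co_admin"         # CO Administrators can manage any CO Group in their CO
    if actor in group.owners:
        return "owner"            # owners set memberships, including in closed groups
    if group.is_open and actor == target:
        return "self_join"        # open group: no administrator action required
    return None                   # the page states no group rights for COU admins, so none are modelled

# Constructed sample data.
admins = Group("Registry Admins", ADMINS, None, members={"alice"})   # renamed from CO:admins
cou_admins = Group("CO:COU:Physics:admins", ADMINS, 7, members={"bob"})
closed = Group("budget", members={"carol"}, owners={"carol"})
opened = Group("journal-club", is_open=True, members={"carol"}, owners={"carol"})
GROUPS = [admins, cou_admins, closed, opened]

if __name__ == "__main__":
    for actor, target, grp in [("dave", "dave", opened), ("dave", "dave", closed),
                               ("carol", "dave", closed), ("alice", "dave", closed),
                               ("bob", "dave", closed)]:
        print(f"{actor} adds {target} to {grp.name}: {membership_rule(actor, target, grp, GROUPS)}")
```
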

Members Groups

Members Groups are automatically created, and are automatically updated with all members of the CO or COU.

Since v1.1.0:

  • Members of the CO in Active or Grace Period status are available in the group identified by the group type GroupEnum::ActiveMembers and a null cou_id. The default name for the group is CO:members:active.
  • All members of the CO (except those in Deleted status) are available in the group identified by the group type GroupEnum::AllMembers and a null cou_id. The default name for the group is CO:members:all.
  • Members of a given COU with an Active or Grace Period status role are available in the group identified by the group type GroupEnum::ActiveMembers and a non-null cou_id. The default name for the group is CO:COU:COU_Name:members:active.
  • All members of a given COU (except those with only roles in Deleted status) are available in the group identified by the group type GroupEnum::AllMembers and a non-null cou_id. The default name for the group is CO:COU:COU_Name:members:all.

Prior to v1.1.0:

  • The members group holds all CO People within the CO.
  • Groups of the form members:couname hold all CO People with a role in the specified COU.

CO Group Memberships and Enrollment

CO Group Memberships can be added as part of an Enrollment Flow by adding an attribute of the appropriate type. For more details, see Registry Enrollment Flow Configuration.

CO Group Memberships can also be added via Organizational Identity Sources.
