Skip to content


Browse files Browse the repository at this point in the history
First full set of documentation for CO320
  • Loading branch information
lpaglione committed Oct 31, 2019
1 parent 517bc56 commit 2540cfa
Show file tree
Hide file tree
Showing 10 changed files with 282 additions and 375 deletions.
4 changes: 2 additions & 2 deletions _episodes/
Expand Up @@ -12,7 +12,7 @@ keypoints:

COmanage is a multi-tenet tool. This means that for each installation, one or more top-level groups can be expressed. These groups are called Collaborative Organizations or COs. Individuals are added to these fundamental groups (COs), but once there, the individuals can be included in multiple sub groups of the CO.

# 1. The Collaborative Organization (CO)
# 1. The Collaborative Organization (`CO`:gear:)

The term “Collaborative Organization” or `CO`:gear: refers to any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. In the last lesson, we referred to this group of individuals as "your organization or collaboration." Going forward we will just use the term `CO`:gear:.

Expand Down Expand Up @@ -222,7 +222,7 @@ To be included


NEXT SECTION: [2. The COU](/_episodes/
NEXT SECTION: [2. The COUs](/_episodes/

LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../

Expand Down
6 changes: 3 additions & 3 deletions _episodes/
Expand Up @@ -12,7 +12,7 @@ keypoints:

As a collaboration grows in size, it may be useful to create various structures to allow for delegation of person management operations and representation of organizational hierarchy. COmanage supports this through the concept of Collaborative Organization Units (COUs), or COUs. COs can support one or more COUs.

# 2. Collaborative Organization Units (COUs)
# 2. Collaborative Organization Units (`COUs`:gear:)

Collaborative Organizations Units (or `COUs`:gear:) allow you to define an organizational structure within a CO. While many organizations have natural groups within them, the reason that you would divide your CO into COUs are because there are differences across your CO that necessitates different policies in one or more of the following:

Expand Down Expand Up @@ -118,7 +118,7 @@ We will now implement what you have specified on your worksheets.

**REQUIRED ROLE**: `CMP Administrator`:crown: OR `CO Administrator`:crown:

3. In the CO menu, click on the "Configuration" link to see the list of customizations that you can make. Click on the link labeled **COUs** to see the list of `COUs`:gear: for the `CO`:gear:.
3. In the menu on the left, click on the **Configuration** link to see the list of customizations that you can make. Click on the link labeled **COUs** to see the list of `COUs`:gear: for the `CO`:gear:.

4. Click the **Add a New COU** link above the table to create a new COU. Fill in the form using the values that you included on your worksheet and click the **ADD** button to add the `COU`:gear:.

Expand Down Expand Up @@ -179,7 +179,7 @@ To be included

PREVIOUS SECTION [1. The CO](/_episodes/

NEXT SECTION: [3. About Departments](/_episodes/
NEXT SECTION: [3. About Groups](/_episodes/

LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../

Expand Down
57 changes: 0 additions & 57 deletions _episodes/

This file was deleted.

199 changes: 199 additions & 0 deletions _episodes/
@@ -0,0 +1,199 @@
title: "The Groups"
teaching: 20
exercises: 0
- "Question here"
- "List the objectives"
- "List the key takeaways for the episode"

# 4. About `CO Groups`:gear:

COmanage Groups (`CO Groups`:gear:) are defined at the `CO`:gear: level, and `CO Group Memberships`:gear: are attach to the `CO Person`:gear:. `CO Groups`:gear: provide group functionality enabling actions to be applied to all members of the group at the same time, for example, granting access to an application, joining a mailing list, or expiring membership at the same time. By default, any `CO Person`:gear: can create a new `CO Group`:gear:.

In some cases you will have more sophisticated provisioning needs than can be managed from within COmanage. In these cases, COmanage can be connected to Grouper.

The attributes for a `CO Group`:gear: include:

* Name - name of the group
* Description - a helpful way to explain the purpose of the group
* Open vs Closed - An _open_ group is one that allows anyone to join. Participants can self-join, no administrator action is required. Memberships in a _closed_ group can only be set by the group owner.

# Difference between `CO Groups`:gear: and `COUs`:gear:

The major differences between `COUs`:gear: and `CO Groups`:gear: are

Condition | `COUs`:gear: | `CO Groups`:gear:
--------- | ------------ | -----------------
Object creation | Only `CO Administrators`:crown: can create `COUs`:gear: | Any `CO Person`:gear: can create a `CO Group`:gear:
Membership structure | `COU` memberships are connected to `CO Persons`:gear: via a `CO Person Role`:gear: | `CO Group`:gear memberships are connected directly to the `CO Person`:gear:
Object management | `COU`:gear: memberships can be automated using enrollment workflows and expiration Policies (to be explained in the next lesson) | `CO Group`:gear: membership management is simple (for example, manual management by the `CO Group`:gear: Owner, or self-opt in for open `CO Groups`:gear:)
Automatic groups | `COU`:gear: memberships imply `CO Group`:gear: memberships | _None_
Mailing lists | _None_ | Email Addresses can be attached to `CO Groups`:gear: via `CO Email Lists`:gear:

# Group Members & Administrators

A group member is simply a participant in the group. A `CO Person`:gear: can be a member, and owner, both, or neither.

The `CO Person`:gear: who creates a CO Group is automatically set as both a member and owner of the new group. A group owner has permission to add and remove members to and from the group, including closed groups.

`CO Administrators`:gear: can manage any `CO Group`:gear: within their `CO`:gear:.

# Automatic/Members Groups

We have already been using groups in our examples as we set up administrative roles. COmanage automatically creates groups when creating `COs`:gear: and `COUs`:gear:. These automatic groups include:

* admins - the people who can manage the object and the `CO Persons`:gear: permissions within the object
* all members - all of the `CO Persons`:gear: associated with the object regardless of status (except for those with a Deleted status)
* active members - all of the `CO Persons`:gear: with an Active or Grace Period status associated with the object

# Nested Groups

**Nested Groups** allow the members of one group (the "nested" or source group) to automatically be included as members of another group (the "target" group). Nested Groups only confer group membership, they cannot be used to manage group ownership. Nested Groups are additive only, it is not possible to specify certain members to be excluded from the target group. Nested Groups do not imply any sort of hierarchy.

Nested Groups are not designed to scale to very large groups, and in particular manual reconciliation of a very large group with one or more Nested Groups may be problematic. Deployments experiencing problems working sophisticated group structures may wish to consider a solution such as Grouper.

# `CO Email Lists`:gear:

Email Lists are data structures that associate `CO Groups`:gear: and their memberships with listservs. COmanage does not provide actual message delivery capabilities, but rather maintains metadata about lists in order to provision list management software that support Email List objects. Currently supported email list-aware provisioners include:

* LDAP Provisioning Plugin
* Mailman Provisioning Plugin

`CO Email Lists`:gear: in COmanage include

* A name - The list name will typically become the left hand side of the list's email address
* A description to make the list purpose easier to understand
* A status of active or suspended

To manage the lists of people associated with the mailing list, `CO Groups`:gear: are used to indicate both list membership and roles for the list. The following are currently supported:

* Members
* Administrators
* Moderators

As an example, if you create a `CO Email Lists`:gear: called "Researchers" and attach the `CO Group`:gear: "Biologists" as the mailing list's **members group**, then any active `CO Person`:gear: who is a member of the Biologists group will be subscribed to the Researchers list in the mailing list management software. The actual privileges assigned to members, administrators, and moderators are determined by the specific mailing list software.


# Hands on - The organization model - CO Groups

![Interactive system activity](/assets/img/hands-on-keyboard.png)

Let's add to the organizational model that we're using as an example and its related worksheet, [Modeling Organization :memo:](/files/handouts/CO320-ModelingOrgs.pdf). We'll also use the example people that you modeled in the last lesson ([ Modeling People :memo:]( for inspiration for the groups that you will create.

On the Modeling Organization :memo: worksheet, draw the relationship of a few groups that your example people are in. Some questions to consider:

* What `COs`:gear: are the groups in?
* Which of the groups will need mailing lists?
* Do you need special groups to moderate and/or be administrators of mailing lists?
* Are any of these groups nested?
* Who are the natural owners of the groups?
* Which groups are open (can be joined by anyone), and which are closed?

Draw an image showing the relationship of the groups to the other organizational structures that you created.

[10 min]


# Hands on - CO Group Settings

![Interactive system activity](/assets/img/hands-on-keyboard.png)

Now that you have a picture that describes the relationship of the groups to the other structures, select one or two of the groups, and plan them out more fully using the [Modeling Organization :memo:](/files/handouts/CO320-03_COGroupPlanningWorksheet.pdf) worksheet.

Here you will outline the metadata for each group, and will specify in more detail information about nested groups and/or email lists if needed.

If you specify that this group is part of a set of nested groups, also fill in a worksheet for the nested group(s).

If you specify that this group has an email list, fill in a worksheet for any related groups, for example, the group of administrators and/or moderators for the mailing list.

(10 min)


# Hands on - Create a `CO Group`:gear:

![Interactive system activity](/assets/img/hands-on-keyboard.png)

We will now implement what you have specified on your worksheets.

**REQUIRED ROLE**: any Active `CO Person`:gear:

## Sign into the Registry

1. Using the credentials you specified as part of the COmanage setup (or the `CO Administrator`:crown: that you established in the last section), sign into the system.

2. Navigate to your `CO`:gear:. If necessary, select your `CO`:gear: by selecting **Collaborations** from the menu on the left, and then selecting your Collaboration.

## Create a `CO Group`:gear:

3. In the menu on the left, click on the **Groups** link to display the current list of `CO Groups`:gear:, including the automatic groups.

4. Click the **Add Group** link above the table to create a new group. Fill in the form using the values that you included in the metadata section of your worksheet, and click the **ADD** button to add the `CO Group`:gear:.

5. Repeat this process for any other `CO Groups`:gear: that you created worksheets for.

## Configure the `CO Group`:gear:

6. From the list of `CO Groups`:gear:, prepare to edit one of the groups that you just created by clicking on the **Edit** button in the **Actions** column on the right.

7. If you have indicated that your group is part of nested groups, click on the **Add Nested Group** link to configure the nesting relationship. When setting the relationship, you will need to start from the Target Group. On the worksheet, you will add the groups in section 6 to the group that you are editing. i.e., every group that you add, will have its members included in the group that you opened. This step assumes that you have already create the groups that you intend to nest.

![Screen Shot - click to add your nested groups](/fig/CO320-03_NestedGroups.png)

## Configure email lists

If you have indicated that your group should have an email list, you will configure it in the email lists section.

8. In the menu on the left, select **Email Lists**. Click the **Add Email List** link above the table to configure a new email list.

9. Using section C of your CO Group worksheet, fill in the form to configure your new email list. This step assumes that you have already the groups that will be used as members, administrators and moderators for the mailing list.

## Group membership

We will be reviewing group membership as part of the enrollment workflows in the next lesson.

## Reconciling group memberships

In general, nested group memberships and memberships of automatic groups are updated in real time as needed. However, If an automatic group or a group with nested groups appears to have incorrect group memberships, the group may be manually reconciled to fix incorrect memberships. To reconcile a group, edit the desired group and click **Reconcile**.

Manually reconciling a group will not automatically reconcile related groups. For example, if Group A has nested Group B which in turn has nested Group C, and Group C is manually reconciled, it will probably be necessary to also manually reconcile Group B.



# Terminology & resources

## COmanage Objects

------ | -----------
`CO Person`:gear: | the representation of a person in COmanage
`CO Group`:gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons`:gear:

## Worksheets

--------- | -----------
[Modeling Organization :memo:](/files/handouts/CO310-ModelingOrgs.pdf) | Planning sheet used in this lesson for understanding how the parts of the COmanage Organization fit together.
[CO Group Planning Worksheet :memo:](/files/handouts/CO320-03_COGroupPlanningWorksheet.pdf) | Planning worksheet for creating your CO Group(s). Contains all of the configuration sections at a glance.

## Slides

To be included


NEXT SECTION: [2. The COU](/_episodes/

LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../

WORKSHOP OVERVIEW: [COmanage Workshop: Managing Identities & Collaborations](

0 comments on commit 2540cfa

Please sign in to comment.