diff --git a/_episodes/01-co.md b/_episodes/01-co.md index c717a9b..0d94597 100644 --- a/_episodes/01-co.md +++ b/_episodes/01-co.md @@ -12,7 +12,7 @@ keypoints: COmanage is a multi-tenet tool. This means that for each installation, one or more top-level groups can be expressed. These groups are called Collaborative Organizations or COs. Individuals are added to these fundamental groups (COs), but once there, the individuals can be included in multiple sub groups of the CO. -# 1. The Collaborative Organization (CO) +# 1. The Collaborative Organization (`CO`:gear:) The term “Collaborative Organization” or `CO`:gear: refers to any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. In the last lesson, we referred to this group of individuals as "your organization or collaboration." Going forward we will just use the term `CO`:gear:. @@ -222,7 +222,7 @@ To be included --- -NEXT SECTION: [2. The COU](/_episodes/02-cous.md) +NEXT SECTION: [2. The COUs](/_episodes/02-cous.md) LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../index.md) diff --git a/_episodes/02-cous.md b/_episodes/02-cous.md index 0a4f186..f820e3d 100644 --- a/_episodes/02-cous.md +++ b/_episodes/02-cous.md 
@@ -12,7 +12,7 @@ keypoints: As a collaboration grows in size, it may be useful to create various structures to allow for delegation of person management operations and representation of organizational hierarchy. COmanage supports this through the concept of Collaborative Organization Units (COUs), or COUs. COs can support one or more COUs. -# 2. Collaborative Organization Units (COUs) +# 2. Collaborative Organization Units (`COUs`:gear:) Collaborative Organizations Units (or `COUs`:gear:) allow you to define an organizational structure within a CO. While many organizations have natural groups within them, the reason that you would divide your CO into COUs are because there are differences across your CO that necessitates different policies in one or more of the following: @@ -118,7 +118,7 @@ We will now implement what you have specified on your worksheets. **REQUIRED ROLE**: `CMP Administrator`:crown: OR `CO Administrator`:crown: -3. In the CO menu, click on the "Configuration" link to see the list of customizations that you can make. Click on the link labeled **COUs** to see the list of `COUs`:gear: for the `CO`:gear:. +3. In the menu on the left, click on the **Configuration** link to see the list of customizations that you can make. Click on the link labeled **COUs** to see the list of `COUs`:gear: for the `CO`:gear:. 4. Click the **Add a New COU** link above the table to create a new COU. Fill in the form using the values that you included on your worksheet and click the **ADD** button to add the `COU`:gear:. @@ -179,7 +179,7 @@ To be included PREVIOUS SECTION [1. The CO](/_episodes/01-co.md) -NEXT SECTION: [3. About Departments](/_episodes/03-departments.md) +NEXT SECTION: [3. About Groups](/_episodes/03-groups.md) LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../index.md) diff --git a/_episodes/03-departments.md b/_episodes/03-departments.md deleted file mode 100644 index c742052..0000000 --- a/_episodes/03-departments.md +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -title: "The Departments" -teaching: 20 -exercises: 0 -questions: -- "Question here" -objectives: -- "List the objectives" -keypoints: -- "List the key takeaways for the episode" ---- - -# 3. Collaborative Organization (CO) Departments - -CO Departments are primary objects within Registry, which means that they are intended to store representations of external objects (just like CO People). CO Departments can attach to either a CO or a COU, and can be used to store a number of attributes about the department, including telephone numbers, email addresses, URLs, identifiers, and the sets of people associated with specific responsibilities within the department. CO Departments can be used to support various use cases: - -* In a VO deployment, CO Departments can be used to represent research groups. -* In an enterprise deployment, CO Departments can be used to represent the University department hierarchy. - -While there may typically be a one-to-one relationship between CO Departments and COUs, it is not strictly necessary. For example, a COU maybe made up of members spanning two departments. - -CO Departments are visible to anyone within the CO, by logging in to Registry, though only CO Administrators may edit their information. - -CO Departments are specifically intended to be used with [Registry Services](https://spaces.at.internet2.edu/display/COmanage/Registry+Services) and the Service Portal. 
- - ---- - -< TO BE UPDATED > - -# Terminology & resources - -## COmanage Objects :gear: - -OBJECT | DESCRIPTION ------- | ----------- -`CO Person`:gear: | the representation of a person in COmanage -`CO Group`:gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons`:gear: - -## Worksheets - -WORKSHEET | DESCRIPTION ---------- | ----------- -[Modeling Organization :memo:](/files/handouts/CO310-ModelingOrgs.pdf) | Planning sheet used in this lesson for understanding how the parts of the COmanage Organization fit together. -[CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf) | Planning worksheet for creating your CO(s). Contains all of the configuration sections at a glance. - -## Slides - -To be included - ---- - -NEXT SECTION: [2. The COU](/_episodes/02-cous.md) - -LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../index.md) - -WORKSHOP OVERVIEW: [COmanage Workshop: Managing Identities & Collaborations](https://github.internet2.edu/lpaglione/COmg-trainingOverview/blob/master/README.md) diff --git a/_episodes/03-groups.md b/_episodes/03-groups.md new file mode 100644 index 0000000..54541a7 --- /dev/null +++ b/_episodes/03-groups.md 
@@ -0,0 +1,199 @@ +--- +title: "The Groups" +teaching: 20 +exercises: 0 +questions: +- "Question here" +objectives: +- "List the objectives" +keypoints: +- "List the key takeaways for the episode" +--- + +# 4. About `CO Groups`:gear: + +COmanage Groups (`CO Groups`:gear:) are defined at the `CO`:gear: level, and `CO Group Memberships`:gear: are attach to the `CO Person`:gear:. `CO Groups`:gear: provide group functionality enabling actions to be applied to all members of the group at the same time, for example, granting access to an application, joining a mailing list, or expiring membership at the same time. By default, any `CO Person`:gear: can create a new `CO Group`:gear:. + +In some cases you will have more sophisticated provisioning needs than can be managed from within COmanage. In these cases, COmanage can be connected to Grouper. + +The attributes for a `CO Group`:gear: include: + +* Name - name of the group +* Description - a helpful way to explain the purpose of the group +* Open vs Closed - An _open_ group is one that allows anyone to join. Participants can self-join, no administrator action is required. Memberships in a _closed_ group can only be set by the group owner. 
+ +# Difference between `CO Groups`:gear: and `COUs`:gear: + +The major differences between `COUs`:gear: and `CO Groups`:gear: are + +Condition | `COUs`:gear: | `CO Groups`:gear: +--------- | ------------ | ----------------- +Object creation | Only `CO Administrators`:crown: can create `COUs`:gear: | Any `CO Person`:gear: can create a `CO Group`:gear: +Membership structure | `COU` memberships are connected to `CO Persons`:gear: via a `CO Person Role`:gear: | `CO Group`:gear memberships are connected directly to the `CO Person`:gear: +Object management | `COU`:gear: memberships can be automated using enrollment workflows and expiration Policies (to be explained in the next lesson) | `CO Group`:gear: membership management is simple (for example, manual management by the `CO Group`:gear: Owner, or self-opt in for open `CO Groups`:gear:) +Automatic groups | `COU`:gear: memberships imply `CO Group`:gear: memberships | _None_ +Mailing lists | _None_ | Email Addresses can be attached to `CO Groups`:gear: via `CO Email Lists`:gear: + +# Group Members & Administrators + +A group member is simply a participant in the group. A `CO Person`:gear: can be a member, and owner, both, or neither. + +The `CO Person`:gear: who creates a CO Group is automatically set as both a member and owner of the new group. A group owner has permission to add and remove members to and from the group, including closed groups. + +`CO Administrators`:gear: can manage any `CO Group`:gear: within their `CO`:gear:. + +# Automatic/Members Groups + +We have already been using groups in our examples as we set up administrative roles. COmanage automatically creates groups when creating `COs`:gear: and `COUs`:gear:. 
These automatic groups include: + +* admins - the people who can manage the object and the `CO Persons`:gear: permissions within the object +* all members - all of the `CO Persons`:gear: associated with the object regardless of status (except for those with a Deleted status) +* active members - all of the `CO Persons`:gear: with an Active or Grace Period status associated with the object + +# Nested Groups + +**Nested Groups** allow the members of one group (the "nested" or source group) to automatically be included as members of another group (the "target" group). Nested Groups only confer group membership, they cannot be used to manage group ownership. Nested Groups are additive only, it is not possible to specify certain members to be excluded from the target group. Nested Groups do not imply any sort of hierarchy. + +Nested Groups are not designed to scale to very large groups, and in particular manual reconciliation of a very large group with one or more Nested Groups may be problematic. Deployments experiencing problems working sophisticated group structures may wish to consider a solution such as Grouper. + +# `CO Email Lists`:gear: + +Email Lists are data structures that associate `CO Groups`:gear: and their memberships with listservs. COmanage does not provide actual message delivery capabilities, but rather maintains metadata about lists in order to provision list management software that support Email List objects. Currently supported email list-aware provisioners include: + +* LDAP Provisioning Plugin +* Mailman Provisioning Plugin + +`CO Email Lists`:gear: in COmanage include + +* A name - The list name will typically become the left hand side of the list's email address +* A description to make the list purpose easier to understand +* A status of active or suspended + +To manage the lists of people associated with the mailing list, `CO Groups`:gear: are used to indicate both list membership and roles for the list. 
The following are currently supported: + +* Members +* Administrators +* Moderators + +As an example, if you create a `CO Email Lists`:gear: called "Researchers" and attach the `CO Group`:gear: "Biologists" as the mailing list's **members group**, then any active `CO Person`:gear: who is a member of the Biologists group will be subscribed to the Researchers list in the mailing list management software. The actual privileges assigned to members, administrators, and moderators are determined by the specific mailing list software. + +--- + +# Hands on - The organization model - CO Groups + +![Interactive system activity](/assets/img/hands-on-keyboard.png) + +Let's add to the organizational model that we're using as an example and its related worksheet, [Modeling Organization :memo:](/files/handouts/CO320-ModelingOrgs.pdf). We'll also use the example people that you modeled in the last lesson ([ Modeling People :memo:](https://github.internet2.edu/lpaglione/COmg-CO310-modelPeople/blob/master/files/handouts/CO310-ModelingPeople.pdf)) for inspiration for the groups that you will create. + +On the Modeling Organization :memo: worksheet, draw the relationship of a few groups that your example people are in. Some questions to consider: + +* What `COs`:gear: are the groups in? +* Which of the groups will need mailing lists? +* Do you need special groups to moderate and/or be administrators of mailing lists? +* Are any of these groups nested? +* Who are the natural owners of the groups? +* Which groups are open (can be joined by anyone), and which are closed? + +Draw an image showing the relationship of the groups to the other organizational structures that you created. 
+ +[10 min] + +--- + +# Hands on - CO Group Settings + +![Interactive system activity](/assets/img/hands-on-keyboard.png) + +Now that you have a picture that describes the relationship of the groups to the other structures, select one or two of the groups, and plan them out more fully using the [Modeling Organization :memo:](/files/handouts/CO320-03_COGroupPlanningWorksheet.pdf) worksheet. + +Here you will outline the metadata for each group, and will specify in more detail information about nested groups and/or email lists if needed. + +If you specify that this group is part of a set of nested groups, also fill in a worksheet for the nested group(s). + +If you specify that this group has an email list, fill in a worksheet for any related groups, for example, the group of administrators and/or moderators for the mailing list. + +(10 min) + +--- + +# Hands on - Create a `CO Group`:gear: + +![Interactive system activity](/assets/img/hands-on-keyboard.png) + +We will now implement what you have specified on your worksheets. + +**REQUIRED ROLE**: any Active `CO Person`:gear: + +## Sign into the Registry + +1. Using the credentials you specified as part of the COmanage setup (or the `CO Administrator`:crown: that you established in the last section), sign into the system. + +2. Navigate to your `CO`:gear:. If necessary, select your `CO`:gear: by selecting **Collaborations** from the menu on the left, and then selecting your Collaboration. + +## Create a `CO Group`:gear: + +3. In the menu on the left, click on the **Groups** link to display the current list of `CO Groups`:gear:, including the automatic groups. + +4. Click the **Add Group** link above the table to create a new group. Fill in the form using the values that you included in the metadata section of your worksheet, and click the **ADD** button to add the `CO Group`:gear:. + +5. Repeat this process for any other `CO Groups`:gear: that you created worksheets for. + +## Configure the `CO Group`:gear: + +6. 
From the list of `CO Groups`:gear:, prepare to edit one of the groups that you just created by clicking on the **Edit** button in the **Actions** column on the right. + +7. If you have indicated that your group is part of nested groups, click on the **Add Nested Group** link to configure the nesting relationship. When setting the relationship, you will need to start from the Target Group. On the worksheet, you will add the groups in section 6 to the group that you are editing. i.e., every group that you add, will have its members included in the group that you opened. This step assumes that you have already create the groups that you intend to nest. + +![Screen Shot - click to add your nested groups](/fig/CO320-03_NestedGroups.png) + +## Configure email lists + +If you have indicated that your group should have an email list, you will configure it in the email lists section. + +8. In the menu on the left, select **Email Lists**. Click the **Add Email List** link above the table to configure a new email list. + +9. Using section C of your CO Group worksheet, fill in the form to configure your new email list. This step assumes that you have already the groups that will be used as members, administrators and moderators for the mailing list. + +## Group membership + +We will be reviewing group membership as part of the enrollment workflows in the next lesson. + +## Reconciling group memberships + +In general, nested group memberships and memberships of automatic groups are updated in real time as needed. However, If an automatic group or a group with nested groups appears to have incorrect group memberships, the group may be manually reconciled to fix incorrect memberships. To reconcile a group, edit the desired group and click **Reconcile**. + +Manually reconciling a group will not automatically reconcile related groups. 
For example, if Group A has nested Group B which in turn has nested Group C, and Group C is manually reconciled, it will probably be necessary to also manually reconcile Group B. + +--- + +< TO BE UPDATED > + +# Terminology & resources + +## COmanage Objects + +OBJECT | DESCRIPTION +------ | ----------- +`CO Person`:gear: | the representation of a person in COmanage +`CO Group`:gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons`:gear: + +## Worksheets + +WORKSHEET | DESCRIPTION +--------- | ----------- +[Modeling Organization :memo:](/files/handouts/CO310-ModelingOrgs.pdf) | Planning sheet used in this lesson for understanding how the parts of the COmanage Organization fit together. +[CO Group Planning Worksheet :memo:](/files/handouts/CO320-03_COGroupPlanningWorksheet.pdf) | Planning worksheet for creating your CO Group(s). Contains all of the configuration sections at a glance. + +## Slides + +To be included + +--- + +NEXT SECTION: [2. The COU](/_episodes/02-cous.md) + +LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../index.md) + +WORKSHOP OVERVIEW: [COmanage Workshop: Managing Identities & Collaborations](https://github.internet2.edu/lpaglione/COmg-trainingOverview/blob/master/README.md) + + diff --git a/_episodes/04-departments.md b/_episodes/04-departments.md new file mode 100644 index 0000000..537e534 --- /dev/null +++ b/_episodes/04-departments.md 
@@ -0,0 +1,76 @@ +--- +title: "The Departments" +teaching: 20 +exercises: 0 +questions: +- "Question here" +objectives: +- "List the objectives" +keypoints: +- "List the key takeaways for the episode" +--- + +# 4. About `CO Departments`:gear: + +`CO Departments`:gear: are primary objects within COmanage, which means that they are intended to store representations of external objects (just like `CO People`:gear:). They can attach to either a `CO`:gear: or a `COU`:gear:, and can be used to store a number of attributes about the department, including telephone numbers, email addresses, URLs, identifiers, and the sets of people associated with specific responsibilities within the department. `CO Departments`:gear: can be used to support various use cases: + +* In a VO (Virtual Organization) deployment, `CO Departments`:gear: can be used to represent research groups. +* In an enterprise deployment, `CO Departments`:gear: can be used to represent the University department hierarchy. + +While there may typically be a one-to-one relationship between CO Departments and COUs, it is not strictly necessary. For example, a COU may be made up of members spanning two departments. + +`CO Departments`:gear: are visible to anyone within the `CO`:gear:, by logging into COmanage, though only `CO Administrators`:crown: may edit their information. + +# Wrapping up + +## Organizational model review + +You have learned about the structural elements that are used to model organizations within COmanage. 
+ +**Comparison Summary** + + | COU | CO Department | CO Group +---|-----|---------------|--------- +**Belongs To** | CO | CO; COU | CO; COU (for automatic groups only) +**Has Many** | CO Person Roles; CO Departments | |CO People (via CoGroupMember); CO Email List +**Hierarchical** | Yes | No ([CO-1523](https://bugs.internet2.edu/jira/browse/CO-1523)) | No ([CO-721](https://bugs.internet2.edu/jira/browse/CO-721)) +**Object Type** | Structural Object | Primary Registry Object | Primary Registry Object +**Supported Attributes** | None | Addresses; Email Addresses; Identifiers; Telephone Numbers; URLs; Leadership Group; Administrative Group; Support Group | Open / Closed; Managers (via CoGroupMember); Email Addresses (via CoEmailList); Identifiers + +## Combining models - People & Organization + +The following diagram summarizes the structures that we learned about during the last two lessons: + +![Model Diagram - People model and Organization model](/fig/ModelingPersonOrgRelationships.png) + +--- + +< TO BE UPDATED > + +# Terminology & resources + +## COmanage Objects :gear: + +OBJECT | DESCRIPTION +------ | ----------- +`CO Person`:gear: | the representation of a person in COmanage +`CO Group`:gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons`:gear: + +## Worksheets + +WORKSHEET | DESCRIPTION +--------- | ----------- +[Modeling Organization :memo:](/files/handouts/CO310-ModelingOrgs.pdf) | Planning sheet used in this lesson for understanding how the parts of the COmanage Organization fit together. +[CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf) | Planning worksheet for creating your CO(s). Contains all of the configuration sections at a glance. + +## Slides + +To be included + +--- + +NEXT SECTION: [2. 
The COU](/_episodes/02-cous.md) + +LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../index.md) + +WORKSHOP OVERVIEW: [COmanage Workshop: Managing Identities & Collaborations](https://github.internet2.edu/lpaglione/COmg-trainingOverview/blob/master/README.md) diff --git a/_episodes/04-groups.md b/_episodes/04-groups.md deleted file mode 100644 index 1d4a47c..0000000 --- a/_episodes/04-groups.md +++ /dev/null 
@@ -1,137 +0,0 @@ ---- -title: "The Groups" -teaching: 20 -exercises: 0 -questions: -- "Question here" -objectives: -- "List the objectives" -keypoints: -- "List the key takeaways for the episode" ---- - -# 4. About CO Groups - -COmanage Groups (CO Groups) are defined at the CO level, and CO Group Memberships attach to the CO Person. CO Groups are fairly basic, for more sophisticated needs COmanage can be connected to Grouper using the Grouper Provisioning Plugin. By default, any CO Person can create a new CO Group. - -## Difference between CO Groups and COUs - -The major differences between COUs and CO Groups are - -* Any CO Person can create a CO Group; only CO Administrators can create COUs. -* CO Group Memberships attach at the CO Person level, whereas COU memberships attach at the CO Person Role level. -* Management of CO Group Memberships is simple (e.g., manual management by the CO Group Owner, self-opt in for open CO Groups, etc.), whereas COU memberships can be managed using [Enrollment Flows](https://spaces.at.internet2.edu/display/COmanage/Registry+Enrollment+Flow+Configuration) and [Expiration Policies](https://spaces.at.internet2.edu/display/COmanage/Expiration+Policies). -* COU memberships imply CO Group Memberships (in the _Members:COU group_). -* Email Addresses can be attached to CO Groups via [CO Email Lists](https://spaces.at.internet2.edu/display/COmanage/CO+Email+Lists). 
- -## Comparison Summary - - | COU | CO Department | CO Group ----|-----|---------------|--------- -**Belongs To** | CO | CO; COU | CO; COU (for automatic groups only) -Has Many | CO Person Roles; CO Departments | |CO People (via CoGroupMember); CO Email List -HIerarchical | Yes | No ([CO-1523](https://bugs.internet2.edu/jira/browse/CO-1523)) | No ([CO-721](https://bugs.internet2.edu/jira/browse/CO-721)) -Object Type | Structural Object | Primary Registry Object | Primary Registry Object -Supported Attributes | None | Addresses; Email Addresses; Identifiers; Telephone Numbers; URLs; Leadership Group; Administrative Group; Support Group | Open / Closed; Managers (via CoGroupMember); Email Addresses (via CoEmailList); Identifiers (as of Registry v3.3.0) - -# Plan your groups - -## Why you want to use groups - -Groups are used for a variety of reasons, but generally they are used to manage permissions and access, or to manage contact lists. COmanage handles basic groups; for more complex group structures, Grouper integration is required. - -COmanage Groups (CO Groups) are defined at the CO level, and CO Group Memberships attach to the [CO Person](https://spaces.at.internet2.edu/display/COmanage/Understanding+Registry+People+Types). CO Groups are fairly basic, for more sophisticated needs COmanage can be connected to [Grouper](http://grouper.internet2.edu/) using the [Grouper Provisioning Plugin](https://spaces.at.internet2.edu/display/COmanage/Grouper+Provisioning+Plugin). By default, any CO Person can create a new CO Group. - -## What you need to consider - -CO Groups provide basic group functionality enabling actions to be applied to all members of the group at the same time, for example, granting access to an application, joining a mailing list, or expiring membership at the same time. - -Some will require more sophisticated group management than what is available in COmanage. 
For these needs, COmanage can be connected to [Grouper](http://grouper.internet2.edu/) using the [Grouper Provisioning Plugin](https://spaces.at.internet2.edu/display/COmanage/Grouper+Provisioning+Plugin). - - ---- - - - - -# CO Email lists - -Email Lists are data structures that associate [CO Groups and Group Memberships](https://spaces.at.internet2.edu/display/COmanage/CO+Groups+and+Group+Memberships) with listservs. Email Lists are available as of Registry v3.1.0. - -Registry does not provide actual message delivery capabilities, but rather maintains metadata about lists in order to provision list management software using [Provisioner Plugins](https://spaces.at.internet2.edu/display/COmanage/Provisioning+From+Registry) that support Email List objects. Email List-aware provisioners include: - -* [LDAP Provisioning Plugin](https://spaces.at.internet2.edu/display/COmanage/LDAP+Provisioning+Plugin) (not yet implemented, [CO-1439](https://bugs.internet2.edu/jira/browse/CO-1439)) -* [Mailman Provisioning Plugin](https://spaces.at.internet2.edu/display/COmanage/Mailman+Provisioning+Plugin) - -Several groups can be attached to an Email List in order to define both list membership and roles for the list. The following are currently supported: - -* Members -* Administrators -* Moderators - -As an example, if you create a email list called "Researchers" and attach the CO Group "Biologists" as its members group, then any valid CO Person who is a member of Biologists will be subscribed to the Researchers list in the mailing list management software. The actual privileges assigned to members, administrators, and moderators are determined by the specific mailing list software. - -The list name will typically become the left hand side of the list's email address. 
- -## Email list data structure - -You can find the registry data model for CO mail lists in the [wiki: cm_co_email_lists](https://spaces.at.internet2.edu/display/COmanage/cm_co_email_lists) - -# Registry services - -As of v2.0.0, COmanage Registry supports a concept of CO Services. A CO Service represents a service or application that a CO Person has access to by participating in the collaboration. While access to the service is likely controlled by Registry managed attributes, the service itself is not accessed as part of Registry. Instead, CO Services act as inventory or catalog of available services, rendering a list of available services on a per CO Person basis. - -CO Services are registered by a CO Administrator via the Configuration >> Services menu, and are made visible to users via both the Services menu (v2.0.x only; visible only after the first CO Service is registered) and the Service Portal (available in the main menu). CO Service attributes include - -* **CO Group**: Access to this service is available only to members of this group. Note the application is ultimately responsible for its own access control. -* **Service URL**: The URL of the service. -* **Logo URL**: The URL for an image that represents this service. If you'd like to serve these locally from your Registry server, see [Publishing Images and Other Media](https://spaces.at.internet2.edu/display/COmanage/Publishing+Mostly+Static+Public+Content). -* **Contact Email**: The email address of a contact responsible for managing the service. -* **Entitlement URI**: The [entitlement URI](http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html#eduPersonEntitlement) associated with this service. Used (eg) by the [LDAP Provisioning Plugin](https://spaces.at.internet2.edu/display/COmanage/LDAP+Provisioning+Plugin). -* **Visibility**: Who can see this CO Service entry. 
Note that administrators are not treated specially – they will only see Services in the menu and portal for which they have associated eligibilities. To see the full list of services, administrators can use the configuration menu. - * **CO Admin**: Only CO Administrators within the CO can see this service - * **CO Group Member**: Only members of the associated CO Group can see this service - * **CO Person**: Any CO Person within the CO can see this service - * **Unauthenticated User**: Anyone can see this service -* **COU**: COU this CO Service is associated with. Service Portals will be available (in the main menu) for each COU with attached services. If set, this service will not be visible in the CO's Service Portal. Available since Registry v3.1.0. -* **Service Identifier Type**: Used to indicate which type of [Identifier](https://spaces.at.internet2.edu/display/COmanage/cm_identifiers) is to be used with this Service. Available since Registry v3.2.0. -* **Short Label**: Primarily intended for use with the [LDAP Provisioning Plugin](https://spaces.at.internet2.edu/display/COmanage/LDAP+Provisioning+Plugin), a short label for the service that can be used when attribute options are enabled. Available since Registry v3.2.0. - -If at least one CO Service is configured with Unauthenticated User visibility, then the Service Portal will be publicly accessible. Otherwise, only members of the CO can see the Service Portal. - -> The Service Portal can be rendered within [Registry Dashboards](https://spaces.at.internet2.edu/display/COmanage/Registry+Dashboards) by using the [Services Dashboard Widget](https://spaces.at.internet2.edu/display/COmanage/Services+Widget+Plugin). 
- - ---- - -< TO BE UPDATED > - -# Terminology & resources - -## COmanage Objects - -OBJECT | DESCRIPTION ------- | ----------- -`CO Person`:gear: | the representation of a person in COmanage -`CO Group`:gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons`:gear: - -## Worksheets - -WORKSHEET | DESCRIPTION ---------- | ----------- -[Modeling Organization :memo:](/files/handouts/CO310-ModelingOrgs.pdf) | Planning sheet used in this lesson for understanding how the parts of the COmanage Organization fit together. -[CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf) | Planning worksheet for creating your CO(s). Contains all of the configuration sections at a glance. - -## Slides - -To be included - ---- - -NEXT SECTION: [2. The COU](/_episodes/02-cous.md) - -LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../index.md) - -WORKSHOP OVERVIEW: [COmanage Workshop: Managing Identities & Collaborations](https://github.internet2.edu/lpaglione/COmg-trainingOverview/blob/master/README.md) - - diff --git a/_episodes/05-yourOrg.md b/_episodes/05-yourOrg.md deleted file mode 100644 index a4af679..0000000 --- a/_episodes/05-yourOrg.md +++ /dev/null 
@@ -1,173 +0,0 @@ ---- -title: "Setting up your organization" -teaching: 20 -exercises: 0 -questions: -- "Question here" -objectives: -- "List the objectives" -keypoints: -- "List the key takeaways for the episode" ---- - -# 5. Setting up your organization - -Platform Administrators are configured by [adding the appropriate Organizational Identity](https://spaces.at.internet2.edu/display/COmanage/Default+Registry+Enrollment) to the COmanage CO, and then adding the corresponding person to the CO:admins group (v2.0.0 and later) or admin group (prior to v2.0.0) within the COmanage CO. - -# Then IMPLEMENT IT... - - -# Implement a group! - -// NOTE: this section needs to be confirmed & screen shots added. - -### CO Admins - -Collaboration Administrators are configured by adding the appropriate Organizational Identity to the CO (if not already done), and then adding the corresponding person to the CO:admins group (v2.0.0 and later) or admin group (prior to v2.0.0) within the CO. - -## Create a Group - -![Interactive system activity](/assets/img/hands-on-keyboard.png) - -**REQUIRED ROLE**: Platform Administrator (or maybe this is "Any CO Person?", at least by default.) - -// NOTE: this section needs to be confirmed & screen shots added. - -1. Login to the COmanage Registry and select your CO from the list. -2. Select 'All Groups' from the Group drop-down menu. -3. On the Groups page, select 'Add Groups', located above the Groups table. -4. Fill in the fields: - a. **The name of your Group.** This name will be displayed when your group is referenced. It is a good idea for this name to be descriptive, but relatively short. - b. **Description.** Write a short description of your group. This description will be helpful to users and future administrators to understand the purpose of the group. - c. **Open.** This is a check box to indicate whether anyone can join, or if users may only be added by the group owner. An open group is one that allows anyone to join. 
Participants can self-join, no administrator action is required. Memberships in a closed group can only be set by the group owner. - c. **Status.** There are three choices for the status: - * Active - you will select this one. Your group will be immediately active upon its creation. - * Suspended - Useful if you are not ready for your group to be active. -5. Click 'Add'. - -## Group Attributes - -### Open vs Closed - -An _open_ group is one that allows anyone to join. Participants can self-join, no administrator action is required. Memberships in a _closed_ group can only be set by the group owner. - -In addition, CO Administrators can manage any CO Group within their CO. - -### Automatic Groups - -_Automatic Groups_ are those which Registry automatically manages the memberships of. - -# Group Members - -A group member is simply a participant in the group. A group owner has permission to add and remove members to and from the group, including closed groups. A CO Person can be a member, and owner, both, or neither. - -The CO Person who creates a CO Group is automatically set as both a member and owner of the new group. - -## Add a Group Member - -There are several ways to add individuals to groups. This may be done as part of the enrollment process, or it may be done after enrollment is complete and the individuals are already in the Registry. The instructions below assume enrollment has been completed and the individual is being added by a CO administrator to a new group. - -1. Login to the COmanage Registry (if you haven't already) and select your CO from the list. -2. Select 'My Population' from the People drop-down menu. -3. Select a user and click on 'Manage Group Memberships'. This will show a list of available groups and you can add the individual as a group member or as a group owner by clicking on the appropriate box in the 'Actions' column. -4. Click 'Save'. 
- -## Nested Group membership - -As of Registry v3.3.0, Nested Groups allow the members of one group (the "nested" or source group) to automatically be included as members of another group (the "target" group). Nested Groups only confer group membership, they cannot be used to manage group ownership. Currently, Nested Groups are additive only, it is not possible to specify certain members to be excluded from the target group ([CO-1585](https://bugs.internet2.edu/jira/browse/CO-1585)). - -To nest a group, edit the target group and click **Add Nested Group**. Select the desired source group. Currently, only CO and COU admins can create or remove nestings. - -Nested Groups do not imply any sort of hierarchy ([CO-1223](https://bugs.internet2.edu/jira/browse/CO-1223)). - -> Nested Groups are not designed to scale to very large groups, and in particular manual reconciliation of a very large group with one or more Nested Groups may be problematic. The exact threshold will vary according to the specifics of a given deployment. Deployments experiencing problems reconciling large groups may wish to consider a solution such as [Grouper](http://grouper.internet2.edu/). - -## Remove a Group Member - -There are several ways to remove an individual from group membership, either by managing that individual directly (follow the directions for Adding a Group Member and click on the appropriate box to de-select that entry) or by managing the group as a whole. The instructions below assume direct group management instead of per-individual management. - -1. Login to the COmanage Registry (if you haven't already) and select your CO from the list. -2. Select 'My Groups' from the Group drop-down menu. -3. Select the group you are changing (note that you must be an owner of that group to adjust membership). -4. Click on 'Delete' for each member you are removing from the group, and 'Remove' from the verification pop-up. 
- -As of v3.1.0, it is possible for a CO Person to add or remove themselves from the CO Group associated with a Service directly from the Service Portal, using the _Join_ and _Leave_ buttons. Using _Join_ and _Leave_ is functionally equivalent to navigating to My Groups, finding the appropriate group, and ticking the Member button. This is only available when the CO Group associated with a Service is an open group. - -> Administrators cannot use this interface on behalf of a CO Person, but must instead use the regular group management interfaces. - -## Reconciling group memberships - -In general, nested group memberships and memberships of automatic groups are updated in real time as needed. However, If an automatic group or a group with nested groups appears to have incorrect group memberships, the group may be manually reconciled to fix incorrect memberships. To reconcile a group, edit the desired group and click **Reconcile**. - -Manually reconciling a group will not automatically reconcile related groups. For example, if Group A has nested Group B which in turn has nested Group C, and Group C is manually reconciled, it will probably be necessary to also manually reconcile Group B. - -## CO Group Membership Attributes - -### Member vs Owner - -A group member is simply a participant in the group. A group owner has permission to add and remove members to and from the group, including closed groups. A CO Person can be a member, and owner, both, or neither. - -The CO Person who creates a CO Group is automatically set as both a member and owner of the new group. - -## Admin Groups - -Admin Groups are used to determine [Registry Administrators](https://spaces.at.internet2.edu/display/COmanage/Registry+Administrators). Admin Groups are automatically created when a CO or COU is created. The Platform Administrator typically sets the initial CO Administrator, and then the CO Administrators. 
- -Since v2.0.0: - -* The admin group is indicated by the group type GroupEnum::Admins and a null cou_id. The default name for the group is CO:admins. -* The admin groups for COUs are indicated by the group type GroupEnum::Admins and a non-null cou_id. The default name for COU admin groups is CO:COU:COU_Name:admins. - -Prior to v2.0.0: - -* The admin group determines CO Administrators. -* Groups of the form admin:couname determine COU Administrators. - -## Members Groups - -Members Groups are automatic groups that are updated with all members of the CO or COU. Members Groups are automatically created and updated. - -Since v2.0.0: - -* Members of the CO in Active or Grace Period status are available in the group identified by the group type GroupEnum::ActiveMembers and a null cou_id. The default name for the group is CO:members:active. -* All members of the CO (except those in Deleted status) are available in the group identified by the group type GroupEnum::AllMembers and a null cou_id. The default name for the group is CO:members:all. -* Members of a given COU with an Active or Grace Period status role are available in the group identified by the group type GroupEnum::ActiveMembers and a non-null cou_id. The default name for the group is CO:COU:COU_Name:members:active. -* All members of a given COU (except those with only roles in Deleted status) are available in the group identified by the group type GroupEnum::AllMembers and a non-null cou_id. The default name for the group is CO:COU:COU_Name:members:all. - -Prior to v2.0.0: - -* The members group holds all CO People within the CO. -* Groups of the form members:couname hold all CO People with a role in the specified COU. 
- - ---- - -< TO BE UPDATED > - -# Terminology & resources - -## COmanage Objects :gear: - -OBJECT | DESCRIPTION ------- | ----------- -`CO Person`:gear: | the representation of a person in COmanage -`CO Group`:gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons`:gear: - -## Worksheets - -WORKSHEET | DESCRIPTION ---------- | ----------- -[Modeling Organization :memo:](/files/handouts/CO310-ModelingOrgs.pdf) | Planning sheet used in this lesson for understanding how the parts of the COmanage Organization fit together. -[CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf) | Planning worksheet for creating your CO(s). Contains all of the configuration sections at a glance. - -## Slides - -To be included - ---- - -NEXT SECTION: [2. The COU](/_episodes/02-cous.md) - -LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../index.md) - -WORKSHOP OVERVIEW: [COmanage Workshop: Managing Identities & Collaborations](https://github.internet2.edu/lpaglione/COmg-trainingOverview/blob/master/README.md) diff --git a/fig/CO320-03_NestedGroups.png b/fig/CO320-03_NestedGroups.png new file mode 100644 index 0000000..32b06aa Binary files /dev/null and b/fig/CO320-03_NestedGroups.png differ diff --git a/files/handouts/CO320-03_COGroupPlanningWorksheet.pdf b/files/handouts/CO320-03_COGroupPlanningWorksheet.pdf new file mode 100644 index 0000000..47e5905 Binary files /dev/null and b/files/handouts/CO320-03_COGroupPlanningWorksheet.pdf differ diff --git a/index.md b/index.md index aacae9d..a277af8 100644 --- a/index.md +++ b/index.md 
@@ -31,6 +31,5 @@ Time | Section | Description _The actual schedule may vary slightly depending on the topics and exercises chosen by the instructor._ - -3. [3. About CO Departments](/_episodes/03-departments.md) - -4. [4. About CO Groups](/_episodes/04-groups.md) \ No newline at end of file +[3. About CO Groups](/_episodes/03-groups.md) +[4. About CO Departments](/_episodes/04-departments.md)
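Review bot: In the deleted `_episodes/05-yourOrg.md` (hunk `@@ -1,173 +0,0 @@`), the "Create a Group" steps still carry an unresolved required role, `**REQUIRED ROLE**: Platform Administrator (or maybe this is "Any CO Person?", at least by default.)`, and the Status item says "three choices" while listing only Active and Suspended under a second `c.` label. If this text is being carried into `03-groups.md`, settle both before it lands there: the role line tells learners who may create groups, and the same file documents that membership in `CO:admins` is what makes a person an administrator. Please also confirm that the Admin Groups, Members Groups, Nested Groups and reconcile sections have a new home, since no replacement for them is visible in this part of the patch.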
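Review bot: In the `index.md` hunk (`@@ -31,6 +31,5 @@`), the two added links lose the `3.` and `4.` list markers that the removed lines had and sit on consecutive lines with no list prefix, so Markdown will fold them into a single paragraph; keep them as list items, for example `3. [About CO Groups](/_episodes/03-groups.md)`. The second link targets `/_episodes/04-departments.md`, while this patch deletes `_episodes/03-departments.md`, so check that the renamed file is actually added in this change, otherwise the schedule links to a missing page. The `NEXT SECTION` footer changed in `02-cous.md` now points at `/_episodes/03-groups.md`, so the same existence check applies to that file.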