diff --git a/_episodes/01-co.md b/_episodes/01-co.md index 118569d..ba12f5f 100644 --- a/_episodes/01-co.md +++ b/_episodes/01-co.md @@ -1,7 +1,7 @@ --- title: "The CO" -teaching: 20 -exercises: 0 +teaching: 10 +exercises: 35 questions: - "Question here" objectives: @@ -14,49 +14,49 @@ COmanage is a multi-tenet tool. This means that for each installation, one or mo # 1. The Collaborative Organization (CO) -The term “Collaborative Organization” or `CO` :gear: refers to any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. In the last lesson, we referred to this group of individuals as "your organization or collaboration." Going forward we will just use the term `CO` :gear:. +The term “Collaborative Organization” or `CO`:gear: refers to any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. In the last lesson, we referred to this group of individuals as "your organization or collaboration." Going forward we will just use the term `CO`:gear:. -Some traits of these `COs` :gear: include: +Some traits of these `COs`:gear: include: * These individuals use a common workflow for adding collaborators. * They share common policies for vetting the identities of collaborators. * They may include individuals in a single organization, or individuals may be in multiple organizations, geographically different regions, or even work independently. -While COmanage can support multiple `COs` :gear:, it is rare for someone who is just getting started to have more than one. During this workshop, each of us will be working with just one `COs` :gear:. +While COmanage can support multiple `COs`:gear:, it is rare for someone who is just getting started to have more than one. During this workshop, each of us will be working with just one `COs`:gear:. # Administrator Roles COmanage Registry defines several types of administrators. -## `CO Administrators` :crown: +## `CO Administrators`:crown: -`CO Administrators` :crown: are super users _within a CO_. The types of activities that a `CO Administrators` :crown: can do include: +`CO Administrators`:crown: are super users _within a CO_. The types of activities that a `CO Administrators`:crown: can do include: -* Configure a `CO` :gear: -* Add people to the `CO` :gear: (using an enrollment workflow. we will talk about these in a future lesson) -* Manage `CO Person` :gear: information for people connected to the `CO` :gear: -* Create and manage sub groups within the `CO` :gear: (we will be talking about these sub groups in the next section.) +* Configure a `CO`:gear: +* Add people to the `CO`:gear: (using an enrollment workflow. we will talk about these in a future lesson) +* Manage `CO Person`:gear: information for people connected to the `CO`:gear: +* Create and manage sub groups within the `CO`:gear: (we will be talking about these sub groups in the next section.) ## Other top-level administrators -### `CMP Administrators` :crown: _(aka Registry Admins)_ +### `CMP Administrators`:crown: _(aka Registry Admins)_ -`CMP Administrators` :crown: (COmanage Platform Administrators) are effectively super users, with the ability to perform almost all operations on the platform. The types of activities that CMP Administrators can do include: +`CMP Administrators`:crown: (COmanage Platform Administrators) are effectively super users, with the ability to perform almost all operations on the platform. The types of activities that CMP Administrators can do include: -* Configure the COmanage platform including creating new `COs` :gear: -* and everything that a `CO` :gear: Administrator can do *EXCEPT* for adding people using an enrollment workflow (unless the CMP Administrator is explicitly granted this permission in the workflow.) +* Configure the COmanage platform including creating new `COs`:gear: +* and everything that a `CO`:gear: Administrator can do *EXCEPT* for adding people using an enrollment workflow (unless the CMP Administrator is explicitly granted this permission in the workflow.) -### `System Administrators` :crown: +### `System Administrators`:crown: -`System Administrators` :crown: have privileges that enable them to maintain the COmanage application. These capabilities include the ability to provision cluster resources (for example, hardware, virtual machines, etc), Register and maintain IP Addresses, administer application upgrades, manage and conduct operating system upgrades and conduct backups. +`System Administrators`:crown: have privileges that enable them to maintain the COmanage application. These capabilities include the ability to provision cluster resources (for example, hardware, virtual machines, etc), Register and maintain IP Addresses, administer application upgrades, manage and conduct operating system upgrades and conduct backups. --- # Hands on - The organization model -![Interactive system activity](../assets/img/hands-on-keyboard.png) +![Interactive system activity](/assets/img/hands-on-keyboard.png) -In this lesson you each will start to build an organizational model to serve as an example. Using the [Modeling Organization :memo:](/files/handouts/CO310-ModelingOrgs.pdf), write down a name for the `CO` :gear: you will be working with for the workshop. Consider the people that you outlined in the first lesson, and pick a `CO` :gear: to which these individuals would be belong (along with the person's memberships that you have outlined.) +In this lesson you each will start to build an organizational model to serve as an example. Using the [Modeling Organization :memo:](/files/handouts/CO310-ModelingOrgs.pdf), write down a name for the `CO`:gear: you will be working with for the workshop. Consider the people that you outlined in the first lesson, and pick a `CO`:gear: to which these individuals would be belong (along with the person's memberships that you have outlined.) [5 min] @@ -64,22 +64,22 @@ In this lesson you each will start to build an organizational model to serve as # Hands on - CO Settings -![Interactive system activity](../assets/img/hands-on-keyboard.png) +![Interactive system activity](/assets/img/hands-on-keyboard.png) -`COs` :gear: have a number of settings that will dictate how it will behave. These settings are outlined on the worksheet, [CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf). As we review each of the settings, mark the values for each on the worksheet for your `CO` :gear:. +`COs`:gear: have a number of settings that will dictate how it will behave. These settings are outlined on the worksheet, [CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf). As we review each of the settings, mark the values for each on the worksheet for your `CO`:gear:. ## Features -There are several features that can be enabled on a `CO` :gear:. The default values will be sufficient for most needs: +There are several features that can be enabled on a `CO`:gear:. The default values will be sufficient for most needs: -* **Automatic expiration** _(default: enabled)_ - In the last lesson we learned that `CO Person` :gear: objects have validity date. The status of the `CO Person` :gear: can be set to **expired** when the validity date range has passed. Here you can disable this feature of automatic expirations. -* **`Identity Source` :gear: sync** _(default: enabled)_ - As you know from our last lesson, the cached `Identity Source Record` :gear: can be automatically synced to its source according to its defined schedule. Here you can disable this automatic processing. +* **Automatic expiration** _(default: enabled)_ - In the last lesson we learned that `CO Person`:gear: objects have validity date. The status of the `CO Person`:gear: can be set to **expired** when the validity date range has passed. Here you can disable this feature of automatic expirations. +* **`Identity Source`:gear: sync** _(default: enabled)_ - As you know from our last lesson, the cached `Identity Source Record`:gear: can be automatically synced to its source according to its defined schedule. Here you can disable this automatic processing. * **Normalizations** _(default: enabled)_ - COmanage supports the concept of data normalization. For example, upon entering the text " los angeles " into a field, normalization could correct that to "Los Angeles". Here you can disable this automatic processing. * **NSF Demographics** _(default: disabled)_ - COmanage supports the collection of NSF Demographic Information. Here you can enable this collection. ## Validity Timeframes -* **Re-provisioning** _(default: 1 day (1440 min))_ - COmanage can enable information exchange to external systems through provisioning. If the validity status of the `CO Person` :gear: changes, you likely will want provisioning to change as well. This setting allows you to set a delay before this action occurs to provide flexibility to correct inaccurate status changes. +* **Re-provisioning** _(default: 1 day (1440 min))_ - COmanage can enable information exchange to external systems through provisioning. If the validity status of the `CO Person`:gear: changes, you likely will want provisioning to change as well. This setting allows you to set a delay before this action occurs to provide flexibility to correct inaccurate status changes. * **Email confirmation** _(default: 1 day (1440 min))_ - Email addresses can be confirmed through COmanage. This security setting allows you to automatically expire the confirmation link after a set period of time. ## Data fields @@ -95,27 +95,27 @@ In this section, you can set the required fields for physical addresses and name --- -# Hands on - Create a `CO` :gear: +# Hands on - Create a `CO`:gear: -![Interactive system activity](../assets/img/hands-on-keyboard.png) +![Interactive system activity](/assets/img/hands-on-keyboard.png) We will now implement what you have specified on your worksheets. ## Sign into the Registry -1. Using the credentials you specified as part of the COmanage setup, sign into the system. These credentials have Platform Administrator privileges which enable you to create `COs` :gear:. Once you sign in you will see a list of available collaborations. +1. Using the credentials you specified as part of the COmanage setup, sign into the system. These credentials have Platform Administrator privileges which enable you to create `COs`:gear:. Once you sign in you will see a list of available collaborations. -## Create a `COs` :gear: +## Create a `COs`:gear: -**REQUIRED ROLE**: `CMP Administrator` :crown: +**REQUIRED ROLE**: `CMP Administrator`:crown: 2. From the menu, select Platform > COs to display the CO Management Overview List. -![Navigate to the CO Management Overview List](/fig/O310-01_COMgmtList_2019-09-06.png) +![Screen shot - Navigate to the CO Management Overview List](/fig/O310-01_COMgmtList_2019-09-06.png) -3. Click the "Add CO" link above the table on the right side to add a new `CO` :gear:. +3. Click the "Add CO" link above the table on the right side to add a new `CO`:gear:. -![CO Management Overview List](../fig/CO310-01_COMgmtOverviewList_2019-09-06.png) +![Screen shot - CO Management Overview List](../fig/CO310-01_COMgmtOverviewList_2019-09-06.png) 4. Fill in the fields from the **Metadata** section of [CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf): a. **The name of your CO.** This name will be displayed on lists and elsewhere. It is a good idea for this name to be descriptive, but relatively short. @@ -125,23 +125,69 @@ We will now implement what you have specified on your worksheets. * Suspended - Useful if you do not want your CO to be active. * Template - Useful if you want to create several COs based on the configuration from this one. -5. Click the **ADD** button to save your new `CO` :gear:. +5. Click the **ADD** button to save your new `CO`:gear:. -## Configure your `CO` :gear: Settings +## Configure your `CO`:gear: Settings -**REQUIRED ROLE**: `CMP Administrator` :crown: -OR- `CO Administrator` :crown: +**REQUIRED ROLE**: `CMP Administrator`:crown: -OR- `CO Administrator`:crown: 6. Navigate back to the Collaborations List by selecting "Collaborations" from the menu. 7. From the Collaborations list page, click on the name of the Collaboration that you just created. 8. In the CO menu, click on the "Configuration" link to see the list of customizations that you can make. Click on the first link, "CO Settings" to adjust the settings. -![Navigate to COSettings Configuration > CO Settings](../assets/img/CO310-01_COSettings_2019-09-06.png) +![Screen shot - Navigate to COSettings Configuration > CO Settings](/assets/img/CO310-01_COSettings_2019-09-06.png) 9. Using the values that you put in your [[CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf), adjust the settings for your CO. -4. Click the `SAVE` button to save your work. +10. Click the `SAVE` button to save your work. + +## Establish a `CO Administrator`:crown: + +Now that you have created a CO, you should set up at least one person as its administrator. For this example, you do not yet have any `CO Persons`:gear: that you can assign to this role. Instead, you will manually create records to create a `CO Person`:gear: and set up yourself as that administrator. + +11. Ensure that you are signed in and are looking at the CO that you created. +12. Navigate to the Organizational Identity List using the menu on the left by clicking **People** > **Organizational Identities** + +![Screen shot - Navigate to People > Organizational Identities](/assets/img/CO310-02_NavToOrgIdentitiesList.png) + +13. Click on the **Add a New Organizational Identity** link to open a form to create a new `Org Identity`:gear:. _NOTE: generally you will not be performing this function manually, so we will include the minimum attributes and information here._ + +![Screen shot - click Add a New Organizational Identity](/assets/img/CO310-02_CreateNewOrgIdentity.png) + +14. Fill in the form for yourself. The only required information is a **Given Name**. Feel free to fill in as much or as little as you would like. When you are finished, click the **ADD** button to save the new Organizational Identity. + +15. You will need an email address associated with this `Org Identity`:gear to create a `CO Person`:gear: that can be turned into an administrator. Add an email address by clicking the **Add** button in the Email addresses section. Fill in the form that is presented, and click the **ADD** button to add the email address. + +![Screen shot - click Add Email](/assets/img/CO310-02_AddEmail.png) + +16. Now that you have an `Org Identity`:gear: with an email address, you can invite this person (you!) to be a member of your `CO`:gear:. On the menu on the left, select **People** > **Invite** to start the process. This action will bring you to a list of `Org Identities`:gear: that both have an email address, and has not yet a part of the `CO`:gear: or been invited to join. You will see the `Org Identity`:gear: that you created on this list. + +![Screen shot - Find a person to invite to your CO](/assets/img/CO310-02_StartInvitation.png) + +17. Click the **Invite** button, review the form that appears as a result, and then click the "SEND INVITE" button. This action will send an invitation email to the address stored, and will add a `CO Person`:gear: attached to the `Org Identity`:gear: to the `CO`:gear:. This means that this new `CO Person`:gear: will appear in the population list for the CO. (The population list appears once the invitation is sent.) + +![Screen shot - My Population List](/assets/img/CO310-02_MyPopulation.png) + +18. Let's edit the `CO Person`:gear: directly to complete the process. Click the **Edit** button for the newly created `CO Person`:gear: to display the edit screen. Notice that this person was automatically added to the CO:members:all group. + +19. Make the following edits to complete the process: + * Change the **Status** in the **Person Attributes** section to **Active** and click the **SAVE** button. (This action will result in the person also being added to the CO:members:active group) + * Add the person to the CO:admins group. In the **Groups** section, click the **Manage Group Memberships** link. for the CO:admins group, check the **Member** checkbox in the **Actions** column. Click the **SAVE** button at the bottom of the list to save this action. Navigate back to the `CO Person`:gear: to check that this person is now a part of the administrators group for the `CO`:gear: + +![Screen shot - CO Person Edit screen with "Manage Group Memberships" highlighted](/assets/img/CO310-02_ManageGroupMemberships.png) CONGRATULATIONS!! You have just created and configured your first CO. +[15 min] + +--- + +# Hands on - + +![Interactive system activity](/assets/img/hands-on-keyboard.png) + + +## Sign into the Registry + --- # Terminology & resources @@ -150,20 +196,20 @@ CONGRATULATIONS!! You have just created and configured your first CO. OBJECT | DESCRIPTION ------ | ----------- -`CO` :gear: | any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. -`CO Person` :gear: | the representation of a person in COmanage -`Identity Source` :gear: | Information about a person as obtained from an external source such as LDAP, netFORUM or ORCID. -`CO Person Role` :gear: | the representation of a person's role in COmanage. This object describe the person's role with certain collections of people within your organization or collaboration. These objects are attached to :gear: `CO Person` objects; there may be any number of Roles. +`CO`:gear: | any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. +`CO Person`:gear: | the representation of a person in COmanage +`Identity Source`:gear: | Information about a person as obtained from an external source such as LDAP, netFORUM or ORCID. +`CO Person Role`:gear: | the representation of a person's role in COmanage. This object describe the person's role with certain collections of people within your organization or collaboration. These objects are attached to :gear: `CO Person` objects; there may be any number of Roles. -`CO Group` :gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons` :gear: +`CO Group`:gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons`:gear: ## CO Person Roles :crown: ROLE | DESCRIPTION ---- | ----------- -`CMP Administrators` :crown: | CMP Administrators are effectively super users, with the ability to perform almost all operations on the platform. -`CO` :gear: Administrators | `CO` :gear: Administrators are super users _within a CO_. -`System Administrators` :crown: | System Administrators have privileges that enable them to maintain the COmanage application. +`CMP Administrators`:crown: | CMP Administrators are effectively super users, with the ability to perform almost all operations on the platform. +`CO`:gear: Administrators | `CO`:gear: Administrators are super users _within a CO_. +`System Administrators`:crown: | System Administrators have privileges that enable them to maintain the COmanage application. ## Worksheets diff --git a/_episodes/02-cous.md b/_episodes/02-cous.md index b282d7d..676aba6 100644 --- a/_episodes/02-cous.md +++ b/_episodes/02-cous.md @@ -10,59 +10,79 @@ keypoints: - "List the key takeaways for the episode" --- +As a collaboration grows in size, it may be useful to create various structures to allow for delegation of person management operations and representation of organizational hierarchy. COmanage supports this through the concept of Collaborative Organization Units (COUs), or COUs. COs can support one or more COUs. + # 2. Collaborative Organization Units (COUs) -"Collaborative Organizations Units" allow you to define an organizational structure within a CO. While many organizations have natural groups within them, the reason that you would divide your CO into COUs are because there are differences across your CO that necessitates different policies in one or more of the following: +Collaborative Organizations Units (or `COUs`:gear:) allow you to define an organizational structure within a CO. While many organizations have natural groups within them, the reason that you would divide your CO into COUs are because there are differences across your CO that necessitates different policies in one or more of the following: * How individuals join and/or leave the group * There are different rules about how applications get provisioned or deprovisioned * Who manages person membership and privileges in the group * The information stored or used about members of the group -If your collaboration–a single entity with common goals–has unique requirements among the different groups and/or departments regarding how participants will join those parts of your collaborations, then, you have a CO that contains COUs. If you have only one common set of policies that define how individuals are added or removed from the CO, then you do not have COU even though you may have groups for simple access control. +If your collaboration–a single entity with common goals–has unique requirements among the different groups and/or departments regarding how participants will join those parts of your collaborations, then, you have a CO that contains COUs. If you have only one common set of policies that define how individuals are added or removed from the CO, then you do not have COUs even though you may have groups for simple access control. + +When you have `COUs`:gear:, they may represent recognized groups of collaborators like departments, divisions, projects; or they may be related to the privileges that those in the group may have, for example, alumni or parents. The primary purpose of a `COUs`:gear:, however, is to allow for delegation of person management operations. -When you have COUs, they may represent recognized groups of collaborators like departments, divisions, projects; or they may be related to the privileges that those in the group may have, for example, alumni or parents. +If `COUs`:gear: are defined, they can be associated directly with the `CO`:gear: or they can have another `COU`:gear: as a parent. -COUs are a structural object within Registry, meaning they can be configured, and that they are used internally for a variety of purposes. The primary purpose of a COU, however, is to allow for delegation of person management operations. [COU Administrators](https://spaces.at.internet2.edu/display/COmanage/Registry+Administrators) can be defined for each COU, giving them the ability to perform lifecycle management operations on the CO People who have CO Person Roles associated with the COU that they manage (or any child COUs of that COU). +# `CO Person Roles`:gear: - a.k.a., associating `CO Persons`:gear: with `COUs`:gear: -If COUs are defined, they can be flat (no hierarchy, all are at the same level), or a COU can have a parent COU (in which case a hierarchy is implied). +Any `CO Person`:gear: in the `CO`:gear: can be part of any of the `COUs`:gear: in the `CO`:gear:. This connection happens through an object called a `CO Person Role`:gear:. -> A COU relationship to a CO is similar to the way that LDAP OUs have a relationship within an O. +The attributes (information) stored in the `CO Person Role`:gear: object typically includes +* Link to the associated `CO Person`:gear: who is connected to the `COU`:gear: +* Link to the person who is sponsoring the `CO Person`:gear:. `Sponsors`:gear: are usually used in relation to guest systems. We'll talk more about `Sponsors`:gear: later. +* Status +* Personal information about the person + * Date of birth + * affiliation (eduPerson) + * organization, department, & title +* List of physical addresses / phone numbers -# CO Person Role Status +These roles also can include information about the percent time the registered person is allocated to this role. -As with the :gear: `CO Person` object, each :gear: `CO Person Role` object +`CO Persons`:gear: can have any number of `CO Person Roles`, usually one for each `COU` that the person is part of. -## Calculated status value +## CO Person Role Status -Calculating the :gear: `CO Person` status from those of the :gear: `CO Person Role` object +As with `CO Persons`:gear:, each `CO Person Role`:gear: has a status related to it. The list of possible values is identical to that we reviewed in the previous lesson. -Each CO Person Role has a status attached to it and each CO Person has an overall status that is generally calculated as the "most preferred" of the attached CO Person Role statuses. Statuses represent various states in the identity lifecycle, and various statuses have specific meanings within COmanage. +When a `CO Person`:gear: is connected to one or more `CO Person Roles`:gear:, the status of the `CO Person` is calculated from that of the associated Roles based on the "most preferred" status. "Most preferred" is currently defined as the order in the status table (repeated here from the discussion about `CO Person` status in the previous lesson.) -Status can be changed under various circumstances: +Active statuses are most preferred, followed by expired statuses, followed by invitation statuses. -* As part of Enrollment or Invitation. (Onboarding) -* As part of an Organizational Identity Source and Pipeline sync. -* Due to an Expiration Policy. (Offboarding) -* By updating CO Person Role validity dates. - * If a Role is in Pending status and the Valid From date is updated to be in the past, the Role will automatically change to Active status. - * If a Role is in Active status and the Valid From date is updated to be in the future, the Role will automatically change to Pending status. - * If a Role is in Expired status and the Valid Through date is updated to be in the future, the Role will automatically change to Active status. - * If a Role is in Active or Grace Period status and the Valid Through date is updated to be in the past, the Role will automatically change to Expired status. -* Manually. Note that manual changes will be overwritten when an automatic update would result in a different status. +Preference | Status | Description +---------- | ------ | ----------- +1 | Active | Person or Role is an active member of the organization or collaboration +2 | GracePeriod | Primary association with the organization has ended, but services have not yet been deprovisioned +3 | Suspended | Association with the organization has been (manually) temporarily suspended +4 | Expired | Valid through date has been reached +5 | Approved | +6 | PendingApproval | The enrollment flow petition is pending approval +7 | Confirmed | +8 | PendingConfirmation | An invitation or email confirmation was sent via an enrollment flow +9 | Invited | An invitation was sent via default enrollment +10 | Pending | +11 | Denied | The enrollment flow petition was denied +12 | Declined | The invitation sent via default enrollment was declined +13 | Deleted | +14 | Duplicate | The record is a duplicate of another + +# Administrator Roles -The status of a CO Person is generally calculated from the status of the CO Person Roles attached. This happens automatically under the following conditions: +## `COU Administrators`:crown: -* When a CO Petition is approved/the Enrollee becomes active. -* When an Expiration Policy changes the status of a CO Person Role. -* When updating a CO Person Role Valid Through date causes the CO Person Role to become Active. -* When a Pipeline results in a status change. -* When a CO Person Role status is manually changed. +`COU Administrators`:crown: can be defined for each `COU`:gear:, giving them the ability to perform lifecycle management operations on the `CO People`:gear: who have `CO Person Roles`:gear: associated with the COU that they manage. + +Unit Administrators have limited privileges within the CO, generally related to the ability to enroll and manage populations within the CO Unit (COU). + +Unit Administrators are configured by adding the appropriate Organizational Identity to the CO (if not already done), and then adding the corresponding person to the _CO:COU:COU-Name:admins_ group (v2.0.0 and later) or _admin:COU-Name_ group (prior to v2.0.0) within the CO. -The CO Person status is set to the "most preferred" status of the attached CO Person Roles. "Most preferred" is currently defined as the order in the table, below. In general, active statuses are most preferred, followed by expired statuses (since there may have been skeletal records provisioned that need to be maintained), followed by invitation statuses. +# About Sponsors -CO Person and Person Role Records are passed to Provisioners based on their status, as indicated in the table, below. # Administrator Roles @@ -70,25 +90,33 @@ COmanage Registry defines three types of administrators. ## Unit (COU) Administrators -Collaboration Administrators with sophisticated administrative requirements may optionally define Unit Administrators. Unit Administrators have limited privileges within the CO, generally related to the ability to enroll and manage populations within the CO Unit (COU). - -Unit Administrators are configured by adding the appropriate Organizational Identity to the CO (if not already done), and then adding the corresponding person to the _CO:COU:COU-Name:admins_ group (v2.0.0 and later) or _admin:COU-Name_ group (prior to v2.0.0) within the CO. +Collaboration Administrators with sophisticated administrative requirements may optionally define Unit Administrators. COU Administrators can be defined for each COU, giving them the ability to perform lifecycle management operations on the CO People who have CO Person Roles associated with the COU that they manage (or any child COUs of that COU). --- -< TO BE UPDATED > - # Terminology & resources -## COmanage Objects +## COmanage Objects :gear: OBJECT | DESCRIPTION ------ | ----------- -`CO Person` :gear: | the representation of a person in COmanage -`CO Group` :gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons` :gear: +`CO`:gear: | any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. +`CO Person`:gear: | the representation of a person in COmanage +`Identity Source`:gear: | Information about a person as obtained from an external source such as LDAP, netFORUM or ORCID. +`CO Person Role`:gear: | the representation of a person's role in COmanage. This object describe the person's role with certain collections of people within your organization or collaboration. These objects are attached to :gear: `CO Person` objects; there may be any number of Roles. + +`CO Group`:gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons`:gear: + +## CO Person Roles :crown: + +ROLE | DESCRIPTION +---- | ----------- +`CMP Administrators`:crown: | CMP Administrators are effectively super users, with the ability to perform almost all operations on the platform. +`CO`:gear: Administrators | `CO`:gear: Administrators are super users _within a CO_. +`System Administrators`:crown: | System Administrators have privileges that enable them to maintain the COmanage application. ## Worksheets diff --git a/fig/CO301-04_COMgmtList_2019-09-06.png b/fig/CO310-01_COMgmtList_2019-09-06.png similarity index 100% rename from fig/CO301-04_COMgmtList_2019-09-06.png rename to fig/CO310-01_COMgmtList_2019-09-06.png diff --git a/fig/CO301-04_COMgmtOverviewList_2019-09-06.png b/fig/CO310-01_COMgmtOverviewList_2019-09-06.png similarity index 100% rename from fig/CO301-04_COMgmtOverviewList_2019-09-06.png rename to fig/CO310-01_COMgmtOverviewList_2019-09-06.png diff --git a/fig/CO301-04_COSettings_2019-09-06.png b/fig/CO310-01_COSettings_2019-09-06.png similarity index 100% rename from fig/CO301-04_COSettings_2019-09-06.png rename to fig/CO310-01_COSettings_2019-09-06.png diff --git a/fig/CO310-02_AddEmail.png b/fig/CO310-02_AddEmail.png new file mode 100644 index 0000000..71e7906 Binary files /dev/null and b/fig/CO310-02_AddEmail.png differ diff --git a/fig/CO310-02_CreateNewOrgIdentity.png b/fig/CO310-02_CreateNewOrgIdentity.png new file mode 100644 index 0000000..e52c18d Binary files /dev/null and b/fig/CO310-02_CreateNewOrgIdentity.png differ diff --git a/fig/CO310-02_ManageGroupMemberships.png b/fig/CO310-02_ManageGroupMemberships.png new file mode 100644 index 0000000..2f8c82c Binary files /dev/null and b/fig/CO310-02_ManageGroupMemberships.png differ diff --git a/fig/CO310-02_MyPopulation.png b/fig/CO310-02_MyPopulation.png new file mode 100644 index 0000000..aa8839f Binary files /dev/null and b/fig/CO310-02_MyPopulation.png differ diff --git a/fig/CO310-02_NavToOrgIdentitiesList.png b/fig/CO310-02_NavToOrgIdentitiesList.png new file mode 100644 index 0000000..04fdb85 Binary files /dev/null and b/fig/CO310-02_NavToOrgIdentitiesList.png differ diff --git a/fig/CO310-02_StartInvitation.png b/fig/CO310-02_StartInvitation.png new file mode 100644 index 0000000..3de79bf Binary files /dev/null and b/fig/CO310-02_StartInvitation.png differ diff --git a/index.md b/index.md index 70abeb8..bdafb90 100644 --- a/index.md +++ b/index.md @@ -3,14 +3,14 @@ layout: lesson root: . --- -A key decision that you will need to make when setting up COmanage is how you will model your organization, project or collaboration. Thoughtful consideration will both provide both significant built-in capabilities, as well as flexibility as you use information created and managed in COmanage with other systems and services. +# CO320 - Modeling Organizational Structures in COmanage -In this lesson, you will learn what to consider when modeling your collaboration in COmanage, how to express this model, and how to make adjustments when needed. +When using COmanage with your organization or collaboration, the people that you have registered will naturally fall into groups, perhaps by organizational unit, project team, or the activities that a group of people can do. In this lesson, you will learn how these structures are modeled within COmanage and understand which structures to use to meet your needs. **WHO IS THIS COURSE FOR?** Application administrators. > ## Prerequisites -> CO102 or CO103 or equivalent +> [CO101: Getting to Know COmanage](https://github.internet2.edu/lpaglione/COmg-CO101-intro) or equivalent > ## Top Things You Need To Know > @@ -25,19 +25,10 @@ In this lesson, you will learn what to consider when modeling your collaboration Time | Section | Description ---- | ------- | -----------   | [Setup](/setup.md) | Prepare for the lesson -00:20 | 1. [The benefits of good modeling](/episodes/modelingBenefits.md) | Why is this important? What does good modeling get you? What challenges can result from poor modeling? -00:00 | 2. [Understanding the factors that may affect your modeling](/episodes/generalFactors.md) | Review in broad strokes the factors that may affect how you model your organization, project or collaboration. Explore some real-world examples. -00:00 | 3. [Considering the factors for your situation](/episodes/yourFactors.md) | Using the modeling worksheet you will consider your own organization, project or collaboration and the factors that may affect its model within COmanage. -00:00 | 4. [Picking a model](/episodes/yourModel.md) | Working collaboratively with others in the class, choose a model that you think would work for your situation. -00:00 | 5. [Modeling within COmanage](/episodes/generalCous.md) | Learn about Collaboration Organization Units (COUs), and how they are used to express a model in COmanage. -00:00 | 6. [Express your model with COUs](/episodes/yourCous.md) | Using the model that you have picked, express it in COmanage. -00:00 | 7. [Making changes](/episodes/changesHappen.md) | It's impossible to anticipate all needs. How do you adjust your model when necessary? -00:00 | 8. [Advanced Topics](/episodes/advanced.md) | During this section we will review advanced topics of interest to the class. Some examples include: +00:45 | [1. The CO](/_episodes/01-co.md) | Collaborative Organizations, what they are and how they are used. _The actual schedule may vary slightly depending on the topics and exercises chosen by the instructor._ - -1. [1. The CO](/_episodes/01-co.md) - Collaborative Organizations, what they are and how they are used 2. [2. The COUs](/_episodes/02-cous.md) - CO Units 3. [3. About CO Departments](/_episodes/03-departments.md) - 4. [4. About CO Groups](/_episodes/04-groups.md) \ No newline at end of file