typo f2680b5 Nov 14, 2019
title: About Permissions
teaching:
exercises:
questions: Question here
objectives: List the objectives
keypoints: List the key takeaways for the episode
workshopOverviewName: COmanage Workshop: Managing Identities & Collaborations
workshopOverviewURL:
lessonOverviewName: CO310 - Modeling People in COmanage
lessonOverviewURL:
previousEpisodeName: 3. Memberships
previousEpisodeURL:
nextEpisodeName: 5. Your first person!
nextEpisodeURL:

4. About Permissions

Several actions within COmanage require specific permissions to perform them. Permissions are usually granted by making a CO Person⚙️ a part of a group, and then granting permission to that group to do specific tasks.

The types of actions that can require special permission include:

  • Configuring the COmanage platform or specific organizations or collaborations represented in the platform
  • Enrolling (registering) people in COmanage
  • Managing CO Person⚙️ objects, their connected attributes (information), and the values stored for the person.
  • Managing one's own attributes (information) (Self Service Permissions)
  • Creating and managing groups and who is included in the groups

Automatic permission groups

Some groups for managing these permissions are created automatically when configuring the objects that you will use when modeling your organization. (Next lesson!)

  • Admin groups - for some of the components that you use to model your organization, a group is created for each one to hold the administrators of that component. Members of this group have permissions allowing them to manage the organizational component and the things attached to it. There is also a general admins group that contains all people who are an admin in any capacity.
  • Active Members group - all people registered with an active status in COmanage are included in this group. Members of this group have permissions allowing them to do things like signing into COmanage.

Self Service Permissions

COmanage allows certain attributes (information) to be managed by users directly.

Attributes always available for self service

  • CO Group⚙️ Memberships (for open groups or groups owned by the CO Person) - we will be talking about Groups in the next lesson.
  • SSH Keys attached to a CO Person record

Attributes that may be configured for self service

  • CO Person⚙️ Name
  • CO Person Role⚙️ Address
  • CO Person⚙️ EmailAddress
  • CO Person Role⚙️ TelephoneNumber
  • CO Person⚙️ Identifier
  • CO Person⚙️ URL

By default, these attributes are read only.

Attributes that are never available for self service

  • CO Person⚙️ Status
  • CO Person Role⚙️ attributes
  • All attributes attached to an Org Identity⚙️ record

Hands on - Starting our person model

Interactive system activity

Consider the people that you have been using as examples in your 📝 Modeling People worksheet. What permissions would each of these individuals have?

  • Consider the items that you listed in the Memberships section. Would this person be an Owner or Administrator for any of these collections of people?
  • Would this person be considered a platform administrator, responsible for setting up organizational structure within COmanage?
  • Would this person be allowed to change attributes (information) about themselves, for example, email address, name or phone number?
  • Would this person be allowed to self enroll for any memberships? If so, what types of groups would this person elect to be a part of?
  • Is this person considered a guest, i.e., does the person have a limited connection to your organization or collaboration?

Jot down your thoughts on the worksheet. There are check boxes to indicate things like administrative or ownership permissions as well as self service or self enrollment privileges.

[10 min]

Terminology & resources

COmanage Objects ⚙️

  • CO Person⚙️ - the representation of a person in COmanage (CO310-01)
  • CO Group⚙️ - a specific COmanage organizational structure for representing certain collections of CO Persons⚙️ (CO320-03)
  • Organizational Identity Source⚙️ - information about a person as obtained from an external source such as LDAP, netFORUM or ORCID (CO310-02)
  • Organizational Identity Source Records⚙️ - COmanage's cached copy of the values at the source (CO310-02)
  • CO Person Role⚙️ - the representation of a person's role in COmanage. This object describes the person's role with certain collections of people within your organization or collaboration. These objects are attached to CO Person⚙️ objects; there may be any number of Roles. (CO310-04, this session)


  • Modeling People 📝 - planning sheet used in this lesson for understanding how to model people in COmanage. This sheet is used to organize how specific people and their relationships would be expressed within COmanage. (CO301, this lesson)

NEXT SECTION: 5. Your first person!

PREVIOUS SECTION: 3. About Authenticators

LESSON OVERVIEW: CO310 - Modeling People in COmanage

WORKSHOP OVERVIEW: COmanage Workshop: Managing Identities & Collaborations
