COmanage Developers List

[Benn Oshrin <>]

Currently, COU Admins have no special privileges on group management,
unlike CO Admins who can manage any group. This came up as part of
LARPP, where we dropped Ken to a COU Admin because he was uncomfortable
with the extra privileges that a CO Admin gets, but then he lost the
ability to manage groups.

The question is, then, should COU Admins have the ability to manage any
group? My initial reaction is no, since some groups may consist solely
of people that the are not in the population the COU Admin manages.
(Group memberships attach to the CO Person, not the CO Person Role.)

We could then try to figure out which groups a COU Admin could manage
based on the group's memberships, but that seems hard to explain and
implement.

Alternately, local implementations could just add the COU Admin as an
owner to the groups they want the COU Admin to manage. I'm inclined to
go this route, since it pushes the policy decision to the
implementation, and as an added benefit no new code is required.
(Complicated installations could use Grouper to manage this.)

Thoughts? Should we open this to the users list for wider discussion?

Thanks,

-Benn-