COmanage Developers List

[Scott Koranda <>]

On Thu, Sep 4, 2014 at 9:22 AM, Benn Oshrin 
<>
 wrote:
> Currently, COU Admins have no special privileges on group management,
> unlike CO Admins who can manage any group. This came up as part of
> LARPP, where we dropped Ken to a COU Admin because he was uncomfortable
> with the extra privileges that a CO Admin gets, but then he lost the
> ability to manage groups.
>
> The question is, then, should COU Admins have the ability to manage any
> group? My initial reaction is no, since some groups may consist solely
> of people that the are not in the population the COU Admin manages.
> (Group memberships attach to the CO Person, not the CO Person Role.)
>
> We could then try to figure out which groups a COU Admin could manage
> based on the group's memberships, but that seems hard to explain and
> implement.
>
> Alternately, local implementations could just add the COU Admin as an
> owner to the groups they want the COU Admin to manage. I'm inclined to
> go this route, since it pushes the policy decision to the
> implementation, and as an added benefit no new code is required.
> (Complicated installations could use Grouper to manage this.)
>
> Thoughts? Should we open this to the users list for wider discussion?
>

Hi,

I think this is a fine approach for the time being.

Longer term I think we will be forced to revisit whether or not group 
membership
is tied to the CO Person or the CO Person Role.

Thanks,

Scott