Skip to Content.
Sympa Menu

comanage-users - Re: [comanage-users] Groups vs. COUs

Subject: COmanage Users List

List archive

Re: [comanage-users] Groups vs. COUs

Chronological Thread 
  • From: Benn Oshrin <>
  • To:
  • Subject: Re: [comanage-users] Groups vs. COUs
  • Date: Wed, 23 Apr 2014 20:40:54 -0700

On 4/23/14 10:19 AM,

What are the diffs and uses cases?

I would start with this

When creating a COU an admin group for it to be auto generated. Does the
approver have to be an owner of that group or only a member?

I assume you mean approval for enrollment flows? The approver needs to be a member.

I see that COUs can be arranged in a hierarchy. Is it true that an approver of
Parent COU A has approval privs on A's descendant groups?

If the approver has approval privs because they are a COU admin, then they should have privs on the descendant groups.

One of our scenarios is a CO with many teams, each with its own leader who can
approve enrollments. A user may be also added to more teams later.

We need to be able to export membership to these various teams to LDAP, etc.

My thought is create one CO and COUs for each team, grant membership to to
admin group for each COU to one user per each. On the enrollment flow, include
Group Membership (CO Person) attribute.

Would this work?

The COU admin would by default have approval privs on enrollments to that COU, so explicitly granting membership wouldn't necessarily be required.

There's also work in progress to auto-provision group memberships based on CO/COU memberships. I don't think that's been committed yet, but that could help this scenario.


Archive powered by MHonArc 2.6.16.

Top of Page