COmanage Users List

[Benn Oshrin <>]

On 4/23/14 10:19 AM, 

 wrote:
> What are the diffs and uses cases?

I would start with this

 https://spaces.internet2.edu/display/COmanage/CO+vs.+COU

> When creating a COU an admin group for it to be auto generated. Does the
> approver have to be an owner of that group or only a member?

I assume you mean approval for enrollment flows? The approver needs to 
be a member.

> I see that COUs can be arranged in a hierarchy. Is it true that an approver of
>   Parent COU A has approval privs on A's descendant groups?

If the approver has approval privs because they are a COU admin, then 
they should have privs on the descendant groups.

> One of our scenarios is a CO with many teams, each with its own leader who can
> approve enrollments. A user may be also added to more teams later.
>
> We need to be able to export membership to these various teams to LDAP, etc.
>
> My thought is create one CO and COUs for each team, grant membership to to
> admin group for each COU to one user per each. On the enrollment flow, include
> Group Membership (CO Person) attribute.
>
> Would this work?

The COU admin would by default have approval privs on enrollments to 
that COU, so explicitly granting membership wouldn't necessarily be 
required.

https://spaces.internet2.edu/display/COmanage/Registry+Enrollment+Flow+Configuration#RegistryEnrollmentFlowConfiguration-Approval

There's also work in progress to auto-provision group memberships based 
on CO/COU memberships. I don't think that's been committed yet, but that 
could help this scenario.

-Benn-