What's the best way to use Groups to control access to video?

For background, please read about support for G Suite Directory to control access to video.

Groups and Members

When choosing Groups, it's best to have:

  1. one Group for each logically distinct location
    (e.g. for a building or collection of buildings serviced by the same people)
  2. Group names descriptive of that location
    (rather than the name of a person or current occupant that may change over time)
  3. Group members who are real unique people
    (no shared accounts or role-based accounts)

For example, Acme's corporate headquarters might be cameras-hq@acme.com. Then the New York City office might be cameras-nyc@acme.com

So the Group membership might look like this:

Group Member Role
cameras-hq@acme.com joe@acme.com MEMBER (Can View)
cameras-hq@acme.com sally@acme.com MANAGER (Can Manage)
cameras-nyc@acme.com sally@acme.com MANAGER (Can Manage)
cameras-nyc@acme.com jane@acme.com MEMBER (Can View)

 

Notice that Sally is the manager of both HQ and NYC by virtue of her being MANAGER of both Groups.

Nested Groups

A nested Group is a Group that contains another Group. Not every corporate directory system supports nested Groups. So the safest approach is to assign people to each individual group that they can access, since that works with all directory systems.

However, Camio will soon support nested Groups up to 3 levels deep. For example, a location Group cameras-tucson@acme.com can include a role Group cameras-southwest@acme.com which contains another role Group cameras-usa@acme.com which contains cameras-global@acme.com

  • cameras-global
    •  cameras-usa
      • cameras-southwest
        • cameras-tucson

So the group membership of cameras-tucson@acme.com and its nested groups might look like this:

Group Member Role
cameras-tucson@acme.com sam@acme.com MANAGER (Can Manage)
cameras-tucson@acme.com cameras-southwest@acme.com MEMBER (Can View)
cameras-southwest@acme.com cameras-usa@acme.com MEMBER (Can View)
cameras-global@acme.com jane@acme.com MEMBER (Can View)

So when jane@acme.com signs in, she can see Tucson even though she's a member of only cameras-global@acme.com.

There is no inherent hierarchy to Nested Groups. For example, cameras-tucson@acme.com could add another member soc2-auditors@acme.com that has nothing to do with the regional hierarchy.

 

Camera Groups

Separate from Groups that represent a particular Camio account, Camera Groups enable you to share a subset of the cameras across accounts. Read more

 

 

Have more questions? Submit a request

Comments