For background, please read about support for G Suite Directory to control access to video.
Groups and Members
When choosing Groups, it's best to have:
- one Group for each logically distinct location
(e.g. for a building or collection of buildings serviced by the same people)
- Group names descriptive of that location
(rather than the name of a person or current occupant that may change over time)
- Group members who are real unique people
(no shared accounts or role-based accounts)
For example, Acme's corporate headquarters might be firstname.lastname@example.org. Then the New York City office might be email@example.com.
So the Group membership might look like this:
|firstname.lastname@example.orgemail@example.com||MEMBER (Can View)|
|firstname.lastname@example.orgemail@example.com||MANAGER (Can Manage)|
|firstname.lastname@example.orgemail@example.com||MANAGER (Can Manage)|
|firstname.lastname@example.orgemail@example.com||MEMBER (Can View)|
Notice that Sally is the manager of both HQ and NYC by virtue of her being MANAGER of both Groups.
A nested Group is a Group that contains another Group. Not every corporate directory system supports nested Groups. So the safest approach is to assign people to each individual group that they can access, since that works with all directory systems.
However, Camio will soon support nested Groups up to 3 levels deep. For example, a location Group firstname.lastname@example.org can include a role Group email@example.com which contains another role Group firstname.lastname@example.org which contains email@example.com
So the group membership of firstname.lastname@example.org and its nested groups might look like this:
|email@example.comfirstname.lastname@example.org||MANAGER (Can Manage)|
|email@example.comfirstname.lastname@example.org||MEMBER (Can View)|
|email@example.comfirstname.lastname@example.org||MEMBER (Can View)|
|email@example.comfirstname.lastname@example.org||MEMBER (Can View)|
So when email@example.com signs in, she can see Tucson even though she's a member of only firstname.lastname@example.org.
There is no inherent hierarchy to Nested Groups. For example, email@example.com could add another member firstname.lastname@example.org that has nothing to do with the regional hierarchy.