For background, please read about support for G Suite Directory to control access to video.
Groups and Members
When choosing Groups, it's best to have:
- one Group for each logically distinct location
(e.g. for a building or collection of buildings serviced by the same people)
- Group names descriptive of that location
(rather than the name of a person or current occupant that may change over time)
- Group members who are real unique people
(no shared accounts or role-based accounts)
For example, Acme's corporate headquarters might be email@example.com. Then the New York City office might be firstname.lastname@example.org.
So the Group membership might look like this:
|email@example.comfirstname.lastname@example.org||MEMBER (Can View)|
|email@example.comfirstname.lastname@example.org||MANAGER (Can Manage)|
|email@example.comfirstname.lastname@example.org||MANAGER (Can Manage)|
|email@example.comfirstname.lastname@example.org||MEMBER (Can View)|
Notice that Sally is the manager of both HQ and NYC by virtue of her being MANAGER of both Groups.
A nested Group is a Group that contains another Group. Not every corporate directory system supports nested Groups. So the safest approach is to assign people to each individual group that they can access, since that works with all directory systems.
However, Camio will soon support nested Groups up to 3 levels deep. For example, a location Group email@example.com can include a role Group firstname.lastname@example.org which contains another role Group email@example.com which contains firstname.lastname@example.org
So the group membership of email@example.com and its nested groups might look like this:
|firstname.lastname@example.orgemail@example.com||MANAGER (Can Manage)|
|firstname.lastname@example.orgemail@example.com||MEMBER (Can View)|
|firstname.lastname@example.orgemail@example.com||MEMBER (Can View)|
|firstname.lastname@example.orgemail@example.com||MEMBER (Can View)|
So when firstname.lastname@example.org signs in, she can see Tucson even though she's a member of only email@example.com.
There is no inherent hierarchy to Nested Groups. For example, firstname.lastname@example.org could add another member email@example.com that has nothing to do with the regional hierarchy.