Overview Page 

Group Overview

Groups provide a flexible and powerful way to organize your organization's membership.  When users join your organization by the online registration process or with your own membership process, that user becomes a member of one or more groups.  At the very minimum, this user will be a member of  a special group containing all site members.  Beyond a few additional special groups, it is mostly up to you to define your group structure.  There is even a special user called "Guest" belonging to a special group called "Guest" for your site visitors that are not members of your organization.  Hopefully you will have many such visitors who view your public pages, find your members in the directory, and benefit your organization by their patronage.

Group Hierarchy

Groups are organized into a hierarchy much like folders on your computer's hard drive.  Like folders on your computer, groups can have zero or more sub-groups and are themselves a sub-group.  The terminology and concept we will use is parent and child.  All groups may have zero or more children groups and belong to one parent group.  All groups inherit certain attributes (options and privileges) from their parent which we will cover a bit later.  In the group hierarchy there is a special group that is hidden to everyone but group administrators called "Root".  The root group serves no other purpose than to be the base point for the hierarchy (much like C:/ on your computer.

One of the most common ways users of the site will experience groups are the drop down selections such as the "Browse by Group".  In these menus the group hierarchy (or some subset of that) child groups appear indented with a leading dash.  Note that your group hierarchy is often presented in subsets -- you don't want all of your groups visible in the public directory -- so a particular group and its children will be a subset.

So for example if you have a public group called "Members" that has a child group "Fiction" and Fiction has a child group called "Child Books", they will appear as below in the drop down menu:

Members
- Fiction
- - Child Books

Inheritance 

Inheritance is terminology that typically applies to object oriented computing.  It is a simple and powerful way to automatically ensure that attributes of a parent are also passed on to their children.  Thus for example, if you wish to have your "Members" group and its child groups publicly visible in your directory, you only have to make the "Members" group public and the child groups will automatically inherit that attribute.

You will notice in dialogs, such as the "Edit Group" dialog, check boxes that are checked but grayed out and you cannot un-check them.  This is a situation where that characteristic or attribute is inherited from its parent.

Once you become accustomed to inheritance you will find that it really makes modifications much easier.  If you add a new group called "Preschool" under "Child Books" you really only need to think about its name.  All other attributes such as public or non-public, or even privileges are set as they should be by virtue of their family position. 

Group inheritance is simple.  A group can be a child of one and only one parent group.  User inheritance is a bit more complicated. Users inherit attributes from the groups in which they are members and they can be members of more than one group.  User membership is discussed further below.

Group Privileges

Privilege can often be a very confusing matter to people.  Privilege is simply the right or permission to do do certain things on the website.  This can be anything from accessing private pages to being able to modifying the site itself.  Privilege settings allow you to grant permission to members of your organization (or even guests if you wish) to be able to perform various tasks on the site.

Some computer applications separate groups (or categories) which are "who you are" characteristics from roles which are "what you can do" characteristics.  In this web application, groups are roles and categories all rolled into one.  The "what you can do" or privilege of a user is based on the privileges a group membership offers.

Each privilege setting is independent of other privilege settings.  What may seem like a "high" privilege doesn't automatically enable all "lower" privileges.  For example you might have the privilege to manage other users (a "high" privilege) but not have the privilege to send group e-mail (a relatively "lower" privilege).  You, however, can organize groups so that you get the desired capabilities.  This gives you the power to determine what "levels" of users you want and what capabilities each level has.  Using inheritance, you can create a set of administrative groups with successive higher level groups being the children of each lower level.  For example you can create "Admin1" as a top level group and give this group some low level capabilities.  Next you can create "Admin2" as the next level up from Admin1 by making Admin2 a child of Admin1.  Admin2 will automatically inherit all the privileges of Admin1 and you can add some additional ones.  You can continue in the same fashion with "Admin3".

There is one exception to the rule about independent privileges.  The privilege "Site Administrator" is a special case in that having this privilege implies all other privileges.  The site administrator could be termed a "super user" and pretty much as the power to do (or destroy) anything. 

The system takes care to prevent a user from taking site actions that will add to their own privilege.  For example if Maryjo's role is to maintain the groups that users may self-assign, she needs the privilege to "manage groups" and must be able to bring up the Edit Group dialog.  She is prevented however from editing any group that has privileges she doesn't and she cannot assign any group privileges she doesn't have.  

Group Options

Group options are similar to group privileges in that they are characteristics inherited from their parent and affect users who are members.  The difference is that privileges are used to give capability to the member users whereas options typically cover things that can be done to member users.  Group options are used to control whether this group accepts e-mail from other members or from the outside, or if this group is listed in the public directory.   See the help page for editing groups for more details about this.

Special Groups 

As with most things we need to have several special case groups to simplify the application.  These are in place not so much to confuse you as to make sure that at least one of these is present and to provide a little bit of structure as a starting point.

Another topic covered more fully in the help page for editing groups is group name vs. group title.  The group name is the internal name for a group and the title is the external name for the group.  With the special groups, you are able to title them anything you want, but their name is fixed and cannot be changed.  The fixed groups are all children of the "Root" group and you cannot change that.

Name TitleDescription
n/a Root
The parent node of all groups
members
Registered Members
Parent group for all site accounts.   Users logging on to the site will be assigned to this group by default if they have no other group memberships.  The majority of your organization's membership should be grouped somewhere under this top level group.  You should also designate a group in this branch to be the base for the public directory.
guests
Guest Users
This group is reserved for guest users, that is users who have not logged into the site.  Privilege for this group should be minimized.
admin
Administration
The Administration group and its descendants should be used to grant administrative privileges to organization members who will manage the website.  You are permitted to assign all administrative privileges to this one group and users will have all website management privileges, however we recommend making sub-groups below admin each with higher levels of administrative capability.  This permits unique administrative roles to be defined each only with enough permission to do their own task.
organization
Organizational Groups
Organizations have boards, chairs, presidents, etc.  This top level group provides a place to create group structure that represents your organization's.  Typically no special website capability is assigned to these groups, rather they are used for group mail and to produce lists of organizational members 
contact
Site Contact
Members of this group will receive e-mails sent from the site's public "Contact Us" page.  Make sure there is at least one member in this group.

 

Membership 

Membership is the attachment of a particular organizational member to a group. When a member is assigned to a group that member inherits the attributes of that group.  There are a few points you must remember about membership.

  1. A user may belong to multiple groups permitting that user to wear multiple hats.  For example a member may be a writer of children's fiction, but she is also a member of the board, and possibly the web's administrator.  Membership in multiple groups  each defining and enabling that role make this work.
  2. When a member is assigned explicitly to one group that member is implicitly a member of all that group's ancestors.  For example, using the example groups above, if Steve writes children's books for preschoolers, the most appropriate group to describe Steve is the group "Preschool".  Now Steve is implicitly a member of "Child Books" and "Fiction" and this makes sense.  When members define themselves in a very precise way, they are also considered when looking in a more general way.
  3. When a user is assigned to multiple groups, that person is granted the sum of the privileges of all the groups they belong.  If Fred is assigned to group "Member" having no privileges and to "Administrators" he is still an Administrator.  In other words, there is no subtractive effect to group membership.
  4. Without group memberships, an individual user has no capabilities.  If Fred is removed from the Administrator's group he suddenly reverts to only the privileges of the "Member" group.   Administrators should be wary of this when modifying their own groups.
  5. Privileges are assigned to a user from their group memberships when they log on and remain that way throughout the session.  Either raising a user's privilege or lowering it won't take effect until the next time they log on.  This should help administrators who mistakenly lower their own privilege (as in #4) to rectify that before going for help.