Solved: Dealing with rotating roles

bigmorongo · 02-05-2024 08:07 PM

In a non-profit (and probably other environments) people tend to stick around but take on different roles from time to time. For example, Joe has been around forever; this term he's the treasurer and needs access to the treasurer email and shared drive; last term he was chair of the marketing group and needed their drive and calendar and managing their email group; next quarter he'll be in education. Each of these roles entails different responsibilities. Moreover, some roles, like treasurer, require continuity. So the treasurer emails are filed away where next treasurer can get them.

Has anyone figured out the best way to manage this situation?

I'd like not to have people get 4 logins for different roles. I'd like them to log in as themselves and then see a choice of "persona" they can take on. Each persona defines their email and privileges. Well, that's probably not happening. Delegation only covers email. I tried using the role as group, but thought preserving email was awkward.

Does someone have a least-difficult solution??

icrew

Seems to me that you could set up role accounts (treasurer@example.org and so on) and do the following:

Email: Delegate access to the person who has that role

Calendar: Share the calendar with full permissions to the person who has that role

Drive: Have a shared drive for each role, with permissions maintained appropriately (the person in that role might have edit permissions, others viewer-only for example)

It would require a bit of work whenever there was a transition, but I don’t think it’d be too difficult….

Just a thought….

Cheers,

Ian

View solution in original post

icrew

Seems to me that you could set up role accounts (treasurer@example.org and so on) and do the following:

Email: Delegate access to the person who has that role

Calendar: Share the calendar with full permissions to the person who has that role

Drive: Have a shared drive for each role, with permissions maintained appropriately (the person in that role might have edit permissions, others viewer-only for example)

It would require a bit of work whenever there was a transition, but I don’t think it’d be too difficult….

Just a thought….

Cheers,

Ian

bigmorongo

Don't mind difficult for admin; trying to keep it simply for users. I'll explore this to see if it works.

bigmorongo

I think I can do the drive and calendar management by making the a group (of one) for the role, and giving the group ownership of the drive and calendar. and putting the user into the group.. Still need to delegate email to the user. so each role is a group; the group has permissions for the role, the new holder goes into the group, and only need to delegate the email. This sounds workable. Wonder what I've missed. 😬

icrew

At least in terms of MyDrive, one issue with adding a user to a group that in turn has permissions to a folder/file is that the user does indeed get access to it, if they have the URL. They won't see the folder/file in their MyDrive or Shared With Me. It's an age-old bug. But with Shared Drives, I think that'll work fine, yes.

Rovertpla88

También estoy certificado para apoyar. Alas asocioanes sin fines de lucro dentro de Google AD GRANDS