I recently placed a call to ESRI Tech Support to confirm a serious limitation in ArcGIS Online Security and Sharing. For the last year I have been experimenting with a Public account. In that account I was unable to Share my content with any groups that I created without sharing it with the Public first. I completely understand this concept as we are using a FREE account.
This idea has been merged with Allow a public user to join a private group authorized by Organization Administrator.
This week I signed up for an Organizational Account. This account is limited to 10 members. The problem that I am now seeing is that I cannot share any information with people within our County Government without first inviting them into the ArcGIS Online Organization. This is a serious flaw. I created groups and shared services from My Content to both the Organization and the newly created Groups. The problem that I called ESRI about had to do with allowing users into the groups. I was unable to invite Public Users into the Group unless I placed them into the Organization. Since we technically pay for this account we should have the ability to share any information with public accounts as well as organizational accounts.
Here is a scenario... Company, Goverment Agency, etc., creates an Organizational account with a 10 member limit. They have 10 members that they want to give permission to add, modify, or in some way produce maps, data, and services to their individual team members. All 10 create map services and try to share them with their workers but are unable to because the workers would only have public accounts. This would force the Company to add users which would cost them more money, when all they really need is to allow / invite public account users to use the services. If the company had 400 emplyees using their GIS systems this would become costly.
My take on this is that the members should be the people that are allowed to post and edit data. The entity should be allowed to share any data with anyone they choose without having to add them into their organization. This all comes down to how you share / protect the information. Many organizations have sensitive data that they may only want to share with certain individuals. At this point our only option is to add them to the organization and consume a member or make the data public to the everyone.