Container Organization Relationships

When you are creating or editing an LDAP container, you can specify that the LDAP container have a relationship with one or more organizations. These organization relationships allow you to prevent users from seeing LDAP containers and organizations they are not intended to see, as well as prevent resources from being mapped to positions in organizations they should not be in.

The ability to see containers and organizations (that is, the resources in those containers and organizations) has an impact when you are using the Organization Browser. It also affects the resources that you see when creating and editing supervised work views, as well as when using the Allocate Work Items to World function in a client application.

For organization relationships to work, the OrgModelRestrictionsEnabled property in the DE.Properties file must be set to true. (The DE.Properties file is located on the server; it contains properties for the Directory Engine. For more information, see the TIBCO ActiveMatrix BPM Administration Guide.)
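Because the relationships have no effect unless this property is true, it is worth checking the effective value after any change to the file. The following is an added example, not TIBCO code: it assumes DE.Properties uses Java-style key/value syntax with case-sensitive keys and a case-insensitive boolean value, and the sample file content is constructed.

```python
import re

KEY = "OrgModelRestrictionsEnabled"  # property name taken from the page

def parse_properties(text):
    """Parse Java-style .properties text into (key, value, line_no) tuples.
    Handles '#'/'!' comments and '=', ':' or whitespace separators.
    Line continuations are not handled."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            entries.append((m.group(1), m.group(2).strip(), n))
    return entries

def audit(text):
    """Return (status, findings); status is 'enabled', 'disabled' or 'missing'."""
    findings, effective = [], None
    for key, value, n in parse_properties(text):
        if key == KEY:
            if effective is not None:
                findings.append(f"line {n}: duplicate {KEY}; the last definition wins")
            effective = value
        elif key.lower() == KEY.lower():
            # Assumption: the lookup is case-sensitive, so this key would not match.
            findings.append(f"line {n}: '{key}' differs in case from {KEY}")
    if effective is None:
        # The page says the property must be set to true, so absence counts as not enabled.
        return "missing", findings
    # Assumption: the value is read as a case-insensitive boolean.
    return ("enabled" if effective.lower() == "true" else "disabled"), findings

# Constructed sample content, not taken from a real server.
SAMPLE = """\
# Directory Engine properties (constructed sample)
orgmodelrestrictionsenabled=true
OrgModelRestrictionsEnabled = true
OrgModelRestrictionsEnabled: False
"""

if __name__ == "__main__":
    status, findings = audit(SAMPLE)
    print(status)
    for f in findings:
        print(" ", f)
```

Treat any status other than "enabled", or any finding, as a reason to review the file, because the organization relationships would then not be restricting what users can see.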

Note: Organization relationships do not apply to groups. That is, you cannot prevent a resource from seeing the resources in a particular group when using the Organization Browser or allocating work items to world. (Seeing resources in groups does not apply when creating supervised work views.)

If an organization relationship exists for the selected container, it is shown in the Organizations field on the Organization Browser’s LDAP Containers dialog:

In this example, the LDAP container named "East" has a relationship with the ReardenSteel organization.

For more information about assigning organization relationships, see Defining the Primary Source Using an LDAP Query and Defining the Primary Source Using an LDAP Group.

The “Organization Admin” system action (DE.organizationAdmin) allows a user who holds it to see all containers, organizations, and resources, regardless of the organization relationships that are defined. (To view LDAP containers, you also need the DE.browseModel and DE.LDAPAdmin system actions.) Note, however, that this system action does not allow a resource to be mapped to a position in an organization from which the resource has been barred because of organization relationships.