Organization Relationship Examples
An organization relationship allows you to prevent users from seeing LDAP containers and organizations they are not intended to see, as well as prevent resources from being mapped to positions in organizations they should not be in.
The descriptions that follow assume the resource does not have the DE.organizationAdmin system action.
The following summarizes the result of organization relationships:
- Resources that are in a container that does not have a relationship with any organization can:
- Resources that are in a container that has one or more organization relationships can:
- see containers that do not have a relationship with any organization, as well as the container they are in.
- see organizations that do not have a relationship with any container, as well as organizations to which their container has a relationship.
- be mapped to organizations that do not have a relationship with any container, as well as to the organizations that have a relationship with the container the resource is in.
The following graphic illustrates these points by showing four organizations and four LDAP containers. The arrows represent a relationship between the container and the organization. Under each container is a resource that is in that container, and to the right of each resource is shown the organizations and LDAP containers the resource can see.
- All resources can see Org1 and LDAP1 because neither has an explicit relationship set up.
- The resources in containers that have an organization relationship can also see the LDAP container they are in, as well as the organizations for which their container has a relationship.
- Any of the resources can be mapped to Org1, as well as to the organization(s) to which their container has a relationship.
An important point to understand here is that if multiple containers have a relationship with a single organization, the resources in one container will not be able to see the resources from the other container when viewing the organization to which they both have a relationship.
For example, using the illustration above, if a resource from both LDAP3 and LDAP4 are mapped to the same position in Org3, when a resource from LDAP3 looks at that position (using the Organization Browser, when creating supervised work views, or when allocating work items to world), that resource will not see the LDAP4 resource that is mapped to that position. Likewise, a resource from LDAP4 will not see the LDAP3 resource when looking at that position.