Overriding Organization Relationships

System actions are provided that override organization relationships, giving the caller access to all organizations, regardless the organization relationships that have been set up. These system actions are typically given to administrative users.

The system actions that override organization relationships are:

• organizationAdmin - This system action is only applicable to OrgModelService operations. Users with this system action will see all organizations when calling operations that return organization models, regardless the organization relationships set up.

  Note that to call any operation in the OrgModelService, the user must also possess the browseModel system action — holders of the organizationAdmin system action get additional access (if there are organization relationships defined).

• LDAPAdmin - This system action, which is required for many service operations, may also give the caller access to all organizations, regardless the organization relationships set up, depending on the operation.

  When calling the DirectoryService operations listed below, the caller must possess either the resourceAdmin or LDAPAdmin system action. If the caller has only the resourceAdmin system action, the organizations he can see are restricted by organization relationships. If he also has (or has only) the LDAPAdmin system action, he can see all organizations, regardless the organization relationships set up when using the following operations:

  • listCandidateResources
  • listContainers

You can determine if a user has a specific system action by using the listAuthorisedOrgs operation.

Copyright © Cloud Software Group, Inc. All rights reserved.