Overriding Organization Relationships

System actions are provided that override organization relationships, giving the caller access to all organizations, regardless the organization relationships that have been set up. These system actions are typically given to administrative users.

The system actions that override organization relationships are:

• organizationAdmin - This system action is only applicable to OrgModelService functions. Users with this system action will see all organizations when calling functions that return organization models, regardless the organization relationships set up.

  Note that to call any function in the OrgModelService, the user must also possess the browseModel system action — holders of the organizationAdmin system action get additional access (if there are organization relationships defined).

• LDAPAdmin - This system action, which is required for many functions, may also give the caller access to all organizations, regardless the organization relationships set up, depending on the operation.

  When calling the DirectoryService functions listed below, the caller must possess either the resourceAdmin or LDAPAdmin system action. If the caller has only the resourceAdmin system action, the organizations that the user can see are restricted by organization relationships. But if the user also has (or has only) the LDAPAdmin system action, all organizations will be visible, regardless the organization relationships, when using the following functions:

  • listCandidateResources
  • listPagedCandidateResources
  • listContainers

You can determine if a user has a specific system action by using the listAuthorisedOrgs function.

Copyright © Cloud Software Group, Inc. All rights reserved.