Container Organization Relationships

When you are creating or editing an LDAP container, you can specify that the LDAP container have a relationship with one or more organizations. These organization relationships allow you to prevent users from seeing LDAP containers and organizations they are not intended to see, as well as prevent resources from being mapped to positions in organizations they should not be in.

The ability to see containers and organizations (that is, the resources in those containers and organizations) has an impact when you are using the Organization Browser. It also affects the resources that you see when using the Reallocate Work Items to World function in a client application.

Note: Organization relationships do not apply to groups. That is, you cannot prevent a resource from seeing the resources in a particular group when using the Organization Browser or reallocating work items to world.

If an organization relationship exists for the selected container, it is shown in the Organizations field on the Organization Browser’s LDAP Containers dialog:

In this example, the LDAP container named "East" has a relationship with the ReardenSteel organization.

For more information about assigning organization relationships, see Creating an LDAP Container using an LDAP Query and Creating an LDAP Container using an LDAP Group.

Overriding Organization Relationships

There is a system action called Organization Admin that can be used to override organization relationships in the following ways:

  • Users who posses this system action can see all containers, organizations, and resources, regardless of the organization relationships that are defined (you also need the Browse Model and LDAP Admin system actions to view LDAP containers).
  • Users who possess this system action can be mapped to any organization, regardless the organization relationships that are defined.