An organization functions as a high-level container for a set of users and the assets that they own. The users that belong to an organization are permitted to access all of the organization's assets. If other users require access to the organization's assets, they must obtain explicit permissions to do so.
An organization is composed of users, groups, roles and permissions.
An organization can have zero or more child organizations. Each child organization is a separate organization in its own right and has its own set of users, groups, roles and permissions.
An organization can have one or more users. A user represents an individual who is an authorized user of CentraSite. Users are identified by a unique ID known to the external authentication system that CentraSite is configured to use. A user can belong to only one organization.
An organization has one or more groups. A group represents a set of users. Groups enable you to collectively apply permissions and other capabilities to a specified set of users. All organizations include the following predefined groups:
Group | Description |
---|---|
Users | All users belonging to the organization. The API requires all organizations to have this group. |
Members | All users belonging to the organization or any of its descendants (i.e., children, children's children, and so forth). |
An organization has one or more roles that can be assigned to users or groups. By default, each organization includes the following set of roles: Organization Administrator, Policy Administrator, Asset Administrator, Asset Provider and Asset Consumer. A role is a collection of system-level permissions and/or organization-level permissions. These permissions enable users to work with specific types of objects or perform certain tasks. Roles can be assigned to individual users or to groups. The assignment of a role confers the permissions in the role upon the assigned user or group.
Instance-level permissions are used to give specific users or groups access to individual assets or registry objects. They enable you to apply very fine-grained access controls to the assets in your organization.
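The following Python sketch is an added example, not CentraSite code or its API. It models the predefined Users and Members groups and the access rule described above, to show how an instance-level grant to Members also reaches every descendant organization while a grant to Users does not. The class names, function names and sample users are assumptions made for illustration.

```python
# Toy model of the organization rules described above; not the CentraSite API.
from dataclasses import dataclass, field

@dataclass
class Org:
    name: str
    users: set = field(default_factory=set)       # a user belongs to only one org
    children: list = field(default_factory=list)  # zero or more child organizations

    def group(self, which):
        """'Users' is this org only; 'Members' adds all descendant orgs."""
        members = set(self.users)
        if which == "Members":
            for child in self.children:
                members |= child.group("Members")
        elif which != "Users":
            raise ValueError(f"unknown predefined group: {which}")
        return members

@dataclass
class Asset:
    name: str
    owner: Org
    user_grants: set = field(default_factory=set)     # instance-level, per user
    group_grants: list = field(default_factory=list)  # instance-level, (org, group)

def can_access(user, asset):
    # Users of the owning organization may access all of its assets.
    if user in asset.owner.users:
        return True
    # Everyone else needs an explicit instance-level permission.
    if user in asset.user_grants:
        return True
    return any(user in org.group(g) for org, g in asset.group_grants)

def audience(asset, all_users):
    """Everyone who can reach the asset: the effective scope of its grants."""
    return sorted(u for u in all_users if can_access(u, asset))

# Constructed sample data: Sales has one child organization, EMEA.
emea = Org("EMEA", {"dana"})
sales = Org("Sales", {"alice", "bob"}, children=[emea])
engineering = Org("Engineering", {"carol"})
ALL_USERS = {"alice", "bob", "carol", "dana"}

if __name__ == "__main__":
    api = Asset("OrderService", owner=engineering, group_grants=[(sales, "Users")])
    print(audience(api, ALL_USERS))   # Sales users plus the owning org
    api.group_grants = [(sales, "Members")]
    print(audience(api, ALL_USERS))   # now also includes EMEA's users
```

Comparing the two audiences before granting to a group shows whether Users or Members is the narrower fit for the access you intend.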
CentraSite is installed with one predefined organization called Default Organization. The default organization owns the system-defined registry objects that CentraSite uses. You cannot delete the Default Organization, nor can you rename it.
As a best practice, you should avoid using the default organization as an ordinary organization. Instead, treat it as the "home" for system-wide objects such as asset types, taxonomies, targets and system-wide policies, and restrict membership in this organization to a small number of administrative users.