CentraSite Documentation : Working with the CentraSite Business UI : Managing Organizations : Basic Organization Structure
Basic Organization Structure
 
The Default Organization
An organization functions as a high-level container for a set of users and the assets that they own. The users that belong to an organization are permitted to access all of the organization's assets. If other users require access to the organization's assets, they must obtain explicit permissions to do so.
An organization is composed of users, groups, roles and permissions.
*An organization can have zero or more child organizations. Each child organization is a separate organization in its own right and has its own set of users, groups, roles and permissions.
*An organization can have one or more users. A user represents an individual who is an authorized user of CentraSite. Users are identified by a unique ID known to the external authentication system that CentraSite is configured to use. A user can belong to only one organization.
*An organization has one or more groups. A group represents a set of users. Groups enable you to collectively apply permissions and other capabilities to a specified set of users. All organizations include the following predefined groups:
Group
Description
Users
All users belonging to the organization. The API requires all organizations to have this group.
Members
All users belonging to the organization or any of its descendants (i.e., children, children's children, and so forth).
*An organization has one or more roles that can be assigned to users or groups. By default, each organization includes the following set of roles: Organization Administrator, Policy Administrator, Asset Administrator, Asset Provider and Asset Consumer. A role is a collection of system-level permissions and/or organization-level permissions. These permissions enable users to work with specific types of objects or perform certain tasks. Roles can be assigned to individual users or to groups. The assignment of a role confers the permissions in the role upon the assigned user or group.
*Instance-level permissions are used to give specific users or groups access to individual assets or registry objects. They enable you to apply very fine-grain access controls to the assets in your organization.
Copyright © Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback