Organizational unit
An Organizational unit defines and groups resources.
An Organizational unit (OU) is a way of defining and grouping resources in a SafeLinx Server system.
Each resource in a SafeLinx Server system is defined to a primary OU. A primary OU uses the X.500 naming convention that is described in RFC 1779 available at ftp://ftp.isi.edu/in-notes/rfc1779.txt and is similar to a Lightweight Directory Access Protocol (LDAP) object's base distinguished name. It uses a directory structure that provides a unique key for locating the resource. A primary OU starts with a suffix. This suffix is defined when a SafeLinx Server is configured. For example, o=organization, c=country.
- ou=North,o=BigNet,c=us
- ou=South,o=BigNet,c=us
- ou=East,o=BigNet,c=us
- ou=CoA,ou=North,o=BigNet,c=us
- ou=CoB,ou=North,o=BigNet,c=us
- ou=CoC,ou=North,o=BigNet,c=us
This structure is visually represented in the SafeLinx Administrator as:
When company resources such as users, admins, and mobile devices are created, they are assigned to a primary OU. Admins are given authority to access resources within specific OUs.
In addition to the primary OU, you can create additional OUs to group resources in different ways. For example, a BigNet admin wants to work with all users from all three companies in the North region. The admin creates an OU called AllUsers and assigns the user IDs from all three companies to the AllUsers additional OU. The Big Net administrator's view of organizational units would display as:
The users from CoA, CoB, CoC OUs display under both the CoX OU which is their primary OU, and under the AllUsers OU that is defined as their additional OU. You can also give administrators access to only the AllUsers OU, in which case they only would see the AllUsers OU and not the North OU and its children. In this case, they can still work with the CoA, CoB, and CoC users from the AllUsers OU except for delete and move operations.
OUs can span more than one SafeLinx Server or you can have one primary OU per SafeLinx Server. To move a resource from one OU to another, an admin must have an access control level of at least Create for that resource in the old OU, and an access control level of Add for that resource in the new OU.