At the highest level of the object tree, you find the root organization, which is created during the installation and configuration of Enterprise Security. There can be only one root organization.
The Security Officer uses Enterprise Security Manager to create, view, update, and delete suborganizations. There is no limit to the number of suborganizations you can have, but they must all be below the root organization.
If you create a suborganization, you can choose whether to create it in the default domain or in a new security domain. Each security domain contains a set of controlling assets, which control access to the security objects in the domain. See Chapter 5, “Delegated Administration,” for information about security domains and controlling assets.
Table 3-1 describes the permissions you must have to manage organizations.
| Action | Permissions required |
|---|---|
| Create an organization | LIST and WRITE on the organization controlling asset, and LIST on the controlling asset of the domain, because you must select the domain in which to create the organization. To display a list of all domains, you must have LIST permission on the controlling asset of each domain. |
| View the organizations in a domain | LIST on the organization controlling asset. |
| View the properties of an organization | READ on the organization controlling asset and the domain controlling asset. |
| Update organization properties | UPDATE on the organization controlling asset. |
| Move an organization to a different domain | READ, UPDATE, and DELETE on the organization controlling asset in the current domain and WRITE on the organization controlling asset in the new domain. |
| Delete an organization | READ and DELETE on the organization controlling asset. |
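The following added example is not part of the product documentation or its tooling. It encodes Table 3-1 as data and audits a delegated administrator's grants against a planned set of tasks, reporting both missing and excess permissions. The grant layout, the `org`/`domain` asset labels, the domain names, and the reading that each row's organization controlling asset belongs to the domain the task names are assumptions made for illustration.

```python
from collections import defaultdict

# Table 3-1 as data. Keys are (asset kind, domain slot); the slot is bound to a
# real domain name per task. Labels are assumptions, not a product API.
TABLE_3_1 = {
    "create": {("org", "target"): {"LIST", "WRITE"}, ("domain", "target"): {"LIST"}},
    "list":   {("org", "target"): {"LIST"}},
    "view":   {("org", "target"): {"READ"}, ("domain", "target"): {"READ"}},
    "update": {("org", "target"): {"UPDATE"}},
    "move":   {("org", "current"): {"READ", "UPDATE", "DELETE"},
               ("org", "new"): {"WRITE"}},
    "delete": {("org", "target"): {"READ", "DELETE"}},
}

def required(tasks):
    """Union of permissions needed per (asset kind, domain) for the tasks."""
    need = defaultdict(set)
    for action, domains in tasks:
        for (kind, slot), perms in TABLE_3_1[action].items():
            need[(kind, domains[slot])] |= perms
    return dict(need)

def audit(grants, tasks):
    """Return (missing, excess) permissions relative to the planned tasks."""
    need = required(tasks)
    missing, excess = {}, {}
    for asset in set(need) | set(grants):
        want, have = need.get(asset, set()), grants.get(asset, set())
        if want - have:
            missing[asset] = want - have   # task would be refused
        if have - want:
            excess[asset] = have - want    # broader than the tasks justify
    return missing, excess

# Constructed sample: an administrator who moves organizations from the
# "default" domain into "hr" and views their properties there.
TASKS = [("move", {"current": "default", "new": "hr"}),
         ("view", {"target": "hr"})]
GRANTS = {
    ("org", "default"): {"READ", "UPDATE", "DELETE", "WRITE"},
    ("org", "hr"): {"READ"},
    ("domain", "hr"): {"READ"},
}

if __name__ == "__main__":
    missing, excess = audit(GRANTS, TASKS)
    print("missing:", missing)
    print("excess:", excess)
```
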
Creating an organization
1. In the Organization Manager tree view, highlight the organization under which you want to create a suborganization, and click New.
2. In the Create New Organization dialog box, enter these values, and click OK:
   - Organization Name – name for the suborganization.
   - Security Domain – select the name of an existing security domain from the drop-down list.
   - Description – a description of the suborganization.

A container for the new suborganization displays in the center pane. The suborganization displays the same objects as its parent organization, but without any entries. Repeat this process for each suborganization you want to create.
Viewing an organization’s properties
Highlight the organization’s name in the Organization Manager tree view. The description and the name of the security domain that contains the organization display in the right pane.
Updating an organization’s properties
1. In the Organization Manager tree view, highlight the name of the organization you want to update, and click Edit. The Edit Organization dialog box displays.
2. Modify the organization’s properties, and click OK.
Deleting an organization
You can delete any organization except the root organization.
1. In the Organization Manager tree view, highlight the suborganization you want to delete.
2. In the right pane, right-click, and select Delete Organization.
3. Click Yes to confirm the deletion.