Organizational units

Organizational units (OUs) are containers that are used to group and isolate resources and, in combination with ACLs and ACL profiles, to control administrative access to those resources.

Every SafeLinx resource is assigned to a primary OU. The OU to which a resource belongs determines who has administrative access to control the resource.

OUs are created in a tree structure, similar to directories. OUs use the X.500 naming scheme, which is defined in Internet Engineering Task Force (IETF) RFC 1779. At the root is a base distinguished name that is specified as o=orgname,c=unitname. For example, if you want to represent a company that is called BigEye with offices throughout Canada, assign a base distinguished name of o=BigEye,c=Canada. Next, create organizational units for each province in which BigEye does business. If these provinces are Ontario, Quebec, and Manitoba, there would be three OUs:

ou=Manitoba,o=BigEye,c=Canada
ou=Ontario,o=BigEye,c=Canada
ou=Quebec,o=BigEye,c=Canada

Organizational units can be nested to any number of levels.

If the Ontario network has subnets that are centered in Ottawa and Toronto, the OUs might look like the following example:

ou=Ottawa,ou=Ontario,o=BigEye,c=Canada
ou=Toronto,ou=Ontario,o=BigEye,c=Canada

The preceding organizational structure might also be represented as in the following example:

BigEye,Canada
	Manitoba
	Ontario
		Ottawa
		Toronto
	Quebec

By default, SafeLinx creates the following three organizational units:

SafeLinx
	The root-level OU in the hierarchy that is the parent for all other resources.
System
	The OU that contains the user IDs of users who are not authenticated by the SafeLinx Server. For more information about the user IDs displayed in the System OU, see Viewing users.
Default Resources
	The OU that contains commonly used groups, profiles, and filters. For more information, see Default resources.

When you create a resource, you can assign it to one of the default OUs. However, to take advantage of the administrative control that OUs and ACLs give you over your resources, assign it to an OU that you create. When you create a custom organizational structure and assign resources to OUs within it, you can use ACLs to design a deliberate scheme of administrative access: you can grant specific administrators access to manage the resources in a specific OU, and distribute administration across business units in the organization.

You can add resources to multiple OUs. For example, you might create a second hierarchy to represent different divisions of your company, independent of location, with OUs called Sales, Testing, and Development. You can then assign resources to these additional OUs to view them in those groupings. The only resource that cannot be assigned to multiple OUs is an OU.

You can also move a resource from one OU to another.

If you delete an OU, all resources that have the deleted OU as their primary OU are deleted.
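
Because deleting an OU also deletes every resource that has it as its primary OU, it helps to list the affected resources first. The following added example (not SafeLinx code and not a SafeLinx API) parses the distinguished names shown above and reports the impact of deleting one OU. The inventory format, the resource names, and the case-insensitive comparison of names are assumptions made for this illustration.

```python
# Added example: constructed data, not SafeLinx code or a SafeLinx API.
def parse_dn(dn):
    """Split 'ou=Ottawa,ou=Ontario,o=BigEye,c=Canada' into (type, value)
    pairs, leaf first. Handles the simple form only (no escaped commas)."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return tuple(rdns)

def norm(dn):
    """Comparison key ignoring spacing and case (assumption: over-matching
    is the safer direction for a pre-deletion review)."""
    return tuple((a, v.lower()) for a, v in parse_dn(dn))

def is_descendant(child, parent):
    """True if the child DN sits strictly below the parent DN in the tree."""
    c, p = norm(child), norm(parent)
    return len(c) > len(p) and c[len(c) - len(p):] == p

def deletion_impact(target_ou, resources, ous):
    """deleted: resources whose primary OU is the target (rule from the page).
    keeps_primary_elsewhere: resources only additionally assigned to it.
    nested_ous: OUs below the target, listed for manual review because the
    page does not say what happens to them."""
    t = norm(target_ou)
    report = {"deleted": [], "keeps_primary_elsewhere": [], "nested_ous": []}
    for r in resources:
        if norm(r["primary_ou"]) == t:
            report["deleted"].append(r["name"])
        elif any(norm(o) == t for o in r.get("other_ous", [])):
            report["keeps_primary_elsewhere"].append(r["name"])
    report["nested_ous"] = [o for o in ous if is_descendant(o, target_ou)]
    return report

# Constructed inventory built on the page's BigEye example; names are invented.
OUS = ["ou=Manitoba,o=BigEye,c=Canada", "ou=Ontario,o=BigEye,c=Canada",
       "ou=Ottawa,ou=Ontario,o=BigEye,c=Canada",
       "ou=Toronto,ou=Ontario,o=BigEye,c=Canada", "ou=Quebec,o=BigEye,c=Canada"]
RESOURCES = [
    {"name": "acl-profile-ont", "primary_ou": "ou=Ontario,o=BigEye,c=Canada"},
    {"name": "user-jdoe", "primary_ou": "ou=Ottawa, ou=Ontario, o=BigEye, c=Canada"},
    {"name": "filter-sales", "primary_ou": "ou=Quebec,o=BigEye,c=Canada",
     "other_ous": ["OU=Ontario,O=BigEye,C=Canada"]},
]
if __name__ == "__main__":
    print(deletion_impact("ou=Ontario,o=BigEye,c=Canada", RESOURCES, OUS))
```

Move any resource listed under "deleted" to another OU before you delete the target if you want to keep it.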