Organizational unit

An Organizational unit defines and groups resources.

An Organizational unit (OU) is a way of defining and grouping resources in a SafeLinx Server system.

Each resource in a SafeLinx Server system is defined to a primary OU. A primary OU uses the X.500 naming convention that is described in RFC 1779 available at ftp://ftp.isi.edu/in-notes/rfc1779.txt and is similar to a Lightweight Directory Access Protocol (LDAP) object's base distinguished name. It uses a directory structure that provides a unique key for locating the resource. A primary OU starts with a suffix. This suffix is defined when a SafeLinx Server is configured. For example, o=organization, c=country.

After the suffix, you can define one or more OUs, such as geographic regions within a company. For example, a company names BigNet with four geographic regions (North, South, East, West) creates four OUs, one for each region. The notation, including the suffix, for each region is:
  • ou=North,o=BigNet,c=us
  • ou=South,o=BigNet,c=us
  • ou=East,o=BigNet,c=us
Resources are assigned to an OU. You can create other OUs to group and isolate resources. For example, BigNet is a service provider in its North region for three companies, CoA, CoB, CoC. To separate the resources for each company, BigNet creates an OU for each company. The primary organizational unit notation for resources in each company is:
  • ou=CoA,ou=North,o=BigNet,c=us
  • ou=CoB,ou=North,o=BigNet,c=us
  • ou=CoC,ou=North,o=BigNet,c=us

This structure is visually represented in the SafeLinx Administrator as:

The North parent folder opens into CoA, CoB, and CoC.

When company resources such as users, admins, and mobile devices are created, they are assigned to a primary OU. Admins are given authority to access resources within specific OUs.

In addition to the primary OU, you can create additional OUs to group resources in different ways. For example, a BigNet admin wants to work with all users from all three companies in the North region. The admin creates an OU called AllUsers and assigns the user IDs from all three companies to the AllUsers additional OU. The Big Net administrator's view of organizational units would display as:

The North parent folder is on the left, with CoA, CoB, and CoC listed vertically on the left. Under these folders is the AllUsers folder on the left, aligned vertically with the North Folder.

The users from CoA, CoB, CoC OUs display under both the CoX OU which is their primary OU, and under the AllUsers OU that is defined as their additional OU. You can also give administrators access to only the AllUsers OU, in which case they only would see the AllUsers OU and not the North OU and its children. In this case, they can still work with the CoA, CoB, and CoC users from the AllUsers OU except for delete and move operations.

OUs can span more than one SafeLinx Server or you can have one primary OU per SafeLinx Server. To move a resource from one OU to another, an admin must have an access control level of at least Create for that resource in the old OU, and an access control level of Add for that resource in the new OU.

Note: When you delete an OU, all resources with that OU in their primary path are deleted.