In these two examples, administrators and target populations can be set for each delegation level.
Astuce |
---|
|
The "Root" unit is the parent of all other units. It is the BlueMind domain: it cannot be deleted and enables you to grant rights for the whole domain. All users belong to this organisational unit by default. The Root unit incorporates additional rights relative to other delegations (for data that cannot be divided and applies to the whole domain: system configuration, server management, applications to assign to users, etc.) Avertissement |
---|
title | Access to the admin console |
---|
| The Root includes the Admin Console right which must be enabled for a user you want to grant rights over an organisational unit to. This isn't enabled automatically. |
|
Creation
- Click the "Create Organizational Unit" button to open a creation window:
![](/confluence/download/attachments/57771479/delegation_01_creationou_en.png?version=1&modificationDate=1497286988125&api=v2)
- Enter the name for organizational unit you want to create and, if appropriate, a parent to create a new tree branch.
- Click "Create" to apply.
Deletion
In the Organizational Units page:
- Select the unit(s) you want to delete by checking the appropriate box(es)
- Click the "Delete" button at the top of the list
- Confirm
![](/confluence/download/attachments/57771479/delegation_08_supprou_en.png?version=1&modificationDate=1497349495083&api=v2)
Assigning a member to a delegation
By default, a user always is a member of the Root organizational unit. For a user to be a member of a child organizational unit, go to the user's administration page:
in the General tab, fill in the "Member of delegation" field using autocomplete which suggests existing units:
![](/confluence/download/attachments/57771479/delegation_07_affectation_en.png?version=1&modificationDate=1497286356409&api=v2)
Save to apply the changes.
Info |
---|
A user can be a member of one delegation only. |
Ancre |
---|
| delegation-role |
---|
| delegation-role |
---|
|
Delegating administration rights
Info |
---|
Administrators may only assign or withdraw roles they themselves have. |
Astuce |
---|
title | Administration and membership |
---|
|
An administrator does not need to be a member of an organizational unit to administer it. |
To a user
To assign a unit's administration rights to a user, go the user's administration page, and in the "General" tab, go to the "Roles" section:
![](/confluence/download/attachments/57771479/delegation_02_roles_en.png?version=1&modificationDate=1497286865920&api=v2)
This section shows:
- Top: the rights assigned to the user for each organizational unit – as text
- Left hand side (gray background): the list of organizational units concerned.
- Right hand side: the rights for the unit currently selected in the list.
The rights inherited from a parent organizational unit or a group are grayed out, they can be deleted for this organizational unit only.
To add administration rights for an organizational unit that isn't included in the list:
- Click the
button at the top of the section and search for the unit using autocomplete:
![](/confluence/download/attachments/57771479/delegation_04_rechou_en.png?version=1&modificationDate=1497286482327&api=v2)
- Select the unit and confirm
- The organizational unit is then added to the list of delegations:
![](/confluence/download/attachments/57771479/delegation_05_newdeleg_en.png?version=1&modificationDate=1497286391050&api=v2)
- Check the appropriate rights (they are added to the text list at the top as you check them):
![](/confluence/download/attachments/57771479/delegation_06_droits_en.png?version=1&modificationDate=1497286368987&api=v2)
If the role requires access to the administration console:
- click on Root
- in the right-hand side, check the "Administration Console" role
For more information, see the box at the top of the page.
Save to apply the changes.
To a group
To assign rights to a group of users, go to the group's management page > Roles tab:
![](/confluence/download/attachments/57771479/delegation_09_groupe_en.png?version=1&modificationDate=1505125949536&api=v2)
Roles are then managed in the same way as for users - see the previous chapter.
The rights assigned here will be applied to all group members and throughout the domain they belong to.
Remarque |
---|
In individual users' pages, the roles they are assigned via a group are then checked and grayed out – they cannot be unchecked individually. Users who belong to a group automatically enjoy all the rights assigned to that group. |