Changes between Version 19 and Version 20 of S3/S3AAA/OrgAuth
- Timestamp: 09/04/12 09:45:58 (12 years ago)
S3/S3AAA/OrgAuth
v19 v20 13 13 In an organizational structure, a person entity can be a sub-unit ('''organization unit''', OU) of another person entity. E.g. an office can be a sub-unit of an organisation, or a person a sub-unit of a team. 14 14 15 === R oles and Realms ===15 === Realms === 16 16 17 The realm of a person entity is the set of all records controlled ("owned") by this entity (="their data"). Which entity gains control over a record can be defined per record type, and even as deployment options. The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the owned_by_entity field in this record. 17 The '''realm''' of a person entity is the set of all records controlled ("owned") by this entity (="their data"). Which entity gains control over a record can be defined per record type, and even as deployment options. The realm which a particular record belongs to is encoded as person entity ID (pe_id) in the owned_by_entity field in this record. 18 19 === Role Restrictions === 18 20 19 21 In all !OrgAuth policies, a role assignment for a user (and thus all the permissions the user receives out of this role) can be restricted to a particular realm. 20 21 22 === Realm Hierarchy === 22 23
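Review bot: The new "Role Restrictions" section (v20 lines 19-21) says a role assignment "can be restricted to a particular realm" but does not say what scope an assignment has when no realm is given, nor where the restriction is recorded. In an authorization model the unrestricted default is what readers most need to know, so state it explicitly, in the same way the "Realms" paragraph names pe_id and owned_by_entity as the encoding of record ownership. In that "Realms" paragraph (v20 line 17), "(="their data")" would read better written out in words, and "can be defined per record type, and even as deployment options" should say where those definitions are made.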