Org Unit or Environment based Roles

orchestrator
i_considering

#1

Currently, we are using 1 orchestrator environment with multiple tenants, org units, and environments. One of the issues we had was granting appropriate privileges on the different org units and environments, due to how we are set up.

The role-based permissions currently apply across the tenant, not to the org unit (unless we do not grant them permission to that tenant). We do have use cases, such as certain roles needing to create or update packages in 1 org unit or environment but not the other.


#2

So the problem is that User A having Role B will get the same role in Unit1 and Unit2. You cannot have the same user having RoleB in Unit1 and RoleC in Unit2. Right?


#3

That is one part of the problem. If you have a role, it is a tenant-wide role in all OrgUnits you are assigned to.

The second and much bigger problem is the missing inheritance, both in the OrgUnits themselves and in the roles.

For example, if you build a big department, all units are on the same level. This is not the reality in most cases.

Please bring up a solution, so I can manage bigger company structures appropriately.


#4

How many levels do you need?


#5

3 or 4 would be great! If you can make that happen I would work out the exact number. But if you would implement something like that, would it not be n-levels?

I thought about an inheriting structure, where I can create an OrgUnit and place it as a child into the parent OrgUnit. So the users from the parent OrgUnit have the rights in all child units, but not vice versa.
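
The model requested in this thread (a different role per OrgUnit, with grants flowing from a parent OrgUnit down to its children but never upward) can be sketched as follows. This is an added example, not code from the thread and not UiPath Orchestrator's API; the role names, permission strings, unit names and users are constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical roles and permission strings (constructed, not Orchestrator's own).
ROLES = {
    "PackagePublisher": {"Packages.View", "Packages.Create", "Packages.Edit"},
    "Viewer": {"Packages.View"},
}

@dataclass
class OrgUnit:
    name: str
    parent: "OrgUnit | None" = None
    grants: dict = field(default_factory=dict)  # user -> roles granted on this unit

    def grant(self, user, role):
        if role not in ROLES:
            raise KeyError(f"unknown role: {role}")
        self.grants.setdefault(user, set()).add(role)

    def lineage(self):
        """Yield this unit, then each ancestor up to the root (n levels)."""
        seen, node = set(), self
        while node is not None:
            if id(node) in seen:  # a mis-parented unit must not loop forever
                raise ValueError("cycle in OrgUnit hierarchy")
            seen.add(id(node))
            yield node
            node = node.parent

def effective_permissions(user, unit):
    """Union of the user's grants on the unit and on every ancestor.
    Grants on a child or sibling are never consulted, so rights flow down only."""
    perms = set()
    for node in unit.lineage():
        for role in node.grants.get(user, ()):
            perms |= ROLES[role]
    return perms

def can(user, permission, unit):
    return permission in effective_permissions(user, unit)

# Constructed sample hierarchy: Finance -> AccountsPayable, AccountsReceivable
finance = OrgUnit("Finance")
ap = OrgUnit("AccountsPayable", parent=finance)
ar = OrgUnit("AccountsReceivable", parent=finance)
finance.grant("alice", "Viewer")          # read-only across the department
ap.grant("alice", "PackagePublisher")     # may publish packages in one child only
ap.grant("bob", "PackagePublisher")       # child-only grant, nothing on the parent
finance.grant("carol", "PackagePublisher")  # parent grant reaches every child
```
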