> On Sep 10, 2015, at 6:30 AM, Olaf Jentsch <[email protected]> wrote:
>
> I would like to separate different administrative tasks for different
> permissions but to show the same user for different administrative roles.
>
> A user u has RoleA in order to get permissions in perm group PA.
> I create an admin role AdminA, which can assign RoleA to users in Org Unit
> OUA in order to get permissions from perm group A,
> so happened for user u when AdminA assigned RoleA to him.
>
> There is a new application with its own permissions organized in perm group B
> and assigned to RoleB.
> I would like to create a similar admin role AdminB, which can assign RoleB to
> users in OUB in order to get permissions from perm group B.
>
> But now the user u in OUA needs the permissions from perm group B. AdminB
> cannot assign RoleB to him, because user u is in OUA and not in OUB.
> And I don't want AdminB watching all users in OUA, he only should see users
> from OUB.
>
> Fortress should allow the assignment of several OUs for this use case or is
> something wrong in my structure?
You could achieve nearly the same thing by structuring the OUs hierarchically. For example, you could have a structure like this:

User Org A: parent X
User Org B: parent X

Then you could add a new admin role that has X as the user OU assignment. Assignees of this role would be allowed to administer to users from both Org A and Org B.

Would that work?

Shawn
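
The scoping described in the reply above, as an added example that is not part of the original thread and is not Fortress code: a small Python model in which an admin role's user OU covers that OU and its descendants. The admin role name AdminX, its grant of RoleB, and the second user v are assumptions made for illustration.

```python
# Simplified model of delegated administration over a user-OU hierarchy.
# This is NOT the Fortress API; every name below is illustrative.

# child OU -> parent OU (from the thread: OUA and OUB both have parent X)
OU_PARENT = {"OUA": "X", "OUB": "X", "X": None}

# admin role -> user OUs it may administer and roles it may assign
ADMIN_ROLES = {
    "AdminA": {"user_ous": {"OUA"}, "roles": {"RoleA"}},
    "AdminB": {"user_ous": {"OUB"}, "roles": {"RoleB"}},
    "AdminX": {"user_ous": {"X"}, "roles": {"RoleB"}},  # assumed new role
}

USERS = {"u": "OUA", "v": "OUB"}  # user -> its single OU (v is constructed)


def ou_and_ancestors(ou):
    """Return the OU plus every ancestor, walking up the parent links."""
    seen = set()
    while ou is not None and ou not in seen:  # 'seen' guards against cycles
        seen.add(ou)
        ou = OU_PARENT.get(ou)
    return seen


def can_assign(admin_role, user, role):
    """True if admin_role may assign role to user under the OU hierarchy."""
    admin = ADMIN_ROLES.get(admin_role)
    if admin is None or user not in USERS:
        return False  # unknown admin role or user: deny by default
    in_scope = bool(ou_and_ancestors(USERS[user]) & admin["user_ous"])
    return in_scope and role in admin["roles"]


def visible_users(admin_role):
    """Users whose OU falls under one of the admin role's user OUs."""
    admin = ADMIN_ROLES.get(admin_role, {"user_ous": set()})
    return sorted(u for u, ou in USERS.items()
                  if ou_and_ancestors(ou) & admin["user_ous"])


if __name__ == "__main__":
    for name in ADMIN_ROLES:
        print(name, visible_users(name), can_assign(name, "u", "RoleB"))
```

In this model AdminB's view stays limited to OUB users, while only holders of the role scoped to X can reach user u with RoleB.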
