OrgType

Last modified 30 Nov 2021 14:50 +01:00

OUTDATED

This page is outdated, it contains information that was not updated in a long time. The described functionality may or may not work. Do not rely on information provided on this page.

Table of Contents

Description
SchemaDoc
Important Items
See Also

Description

Organizational unit, division, section, object gropup, team, project or any other form of organizing things and/or people. The OrgType objects are designed to form a hierarchical organizational structure (or rather several parallel organizational structures).

Orgs are designed for grouping of objects. Orgs usually group users, but they can group any kind of objects (roles, policies, resources, etc.) This can be used to create a flexible delegated administration setup.

See Organizational Structure page for general introduction to the concepts.

OrgType, as all the midPoint objects, is a subtype of ObjectType. Therefore it has all the basic properties such as name and description.

OrgType has a common supertype with RoleType. Therefore Orgs can also work as roles and OrgType has almost all of the properties that RoleType has. Although roles and orgs are very similar there is one principal difference: Orgs are designed for grouping, roles are designed for flexible policy definition.

OrgType is also a focal type. Therefore it can behave as a "focus" (authoritative object) in midPoint synchronization. In that case the Orgs can correspond to LDAP OUs or groups or any similar resource objects.

SchemaDoc

Following links can be used to get full an authoritative description of the role object schema:

Relase	SchemDoc link
Latest stable	OrgType
Development	OrgType

Relase

SchemDoc link

Latest stable

OrgType

Development

OrgType

Important Items

User object contains following frequently used items:

Property	Type	Description
roleType	string optional	Type of the organizational tree. It is used to distinguish what a specific Org represents. Whether it is a functional organizational unit, project, team, etc. It is generally assumed that all Org objects in the same tree will have the same value of this property. Although this is not a strict requirement the operation in the scripting libraries and some pre-defined structures work with this assumption.Examples: functional,_ project_, team, realm
tenant	boolean optional	Flag indicating whether this object is a tenant or not. Tenants are top-level organizational units of organizational structures that are designed to be independent of one another. It represents a "customer" is service provider environment.
costCenter	string optional	The name, identifier or code of the cost center that applies to this org.
locality	PolyString optional	Primary locality of the org, the place where the org is usually placed, the country, city or building that it belongs to. The specific meaning and form of this property is deployment-specific.
mailDomain	string optional, multi	Domain part of RFC822 e-mail address that applies to this organization.
displayOrder	int optional	The content of this property specifies an order in which the organization should be displayed relative to other organizations at the same level. Organizations will be displayed by sorting them by the values of displayOrder property (ascending). These that do not have any displayOrder annotation will be displayed last. Organizations with the same displayOrder are displayed in alphabetic order.
passwordPolicyRef	ObjectReferenceType optional	Reference to the password policy settings which will be used for generate/validate password for this organization.
displayName	PolyString optional	Human-readable name of the org. It may be quite long, container national characters and there is no uniqueness requirement. It is used if the "name" property contains a code that is not entirelly user-friendly.
assignment, inducement	AssignmentType optional, multi	See Assignment and Assignment vs Inducement.
authorization	AuthorizationType optional, multi	Set of authorizations that apply to org members. Authorization define fine-grained access to midPoint objects and system functionality. The authorizations that are defined in a role apply to all users that have this org assigned (such user is a "subject" of the authorizations). See Authorization
riskLevel	string optional	Indication of the level of risk associated with the persissions that this org assigns. This may be a numeric value, textual label are any other suitable machine-processable indication.
ownerRef	ObjectReferenceType optional	Owner of this org. The owner is a person (or group) that is responsible for maintenance of org definition. This reference may point to object of type UserType of . Note: this is not a manager of the organizational unit. This a person responsible for maintaining the definition, which is usually someone from IT security team or a "business owner" of the organizational structure tree.
approverRef	ObjectReferenceTypeoptional, multi	Approvers for this org. The approver is a person (or group) that approves assignment of this org to other users. This reference may point to object of type UserType of .
condition	MappingType optional	The role-like aspects of this org are applied only if the condition is evaluated to true. The condition is used to define conditional roles.
policyConstraints	PolicyConstraintsType optional	Set of governance, risk management, compliance (GRC) and similar policy constraints that influence the identity model. (since midPoint 3.1.1)

Property

Type

Description

roleType

string
optional

Type of the organizational tree. It is used to distinguish what a specific Org represents. Whether it is a functional organizational unit, project, team, etc.
It is generally assumed that all Org objects in the same tree will have the same value of this property. Although this is not a strict requirement the operation in the scripting libraries and some pre-defined structures work with this assumption.Examples: functional,_ project_, team, realm

tenant

boolean
optional

Flag indicating whether this object is a tenant or not. Tenants are top-level organizational units of organizational structures that are designed to be independent of one another. It represents a "customer" is service provider environment.

costCenter

string
optional

The name, identifier or code of the cost center that applies to this org.

locality

PolyString
optional

Primary locality of the org, the place where the org is usually placed, the country, city or building that it belongs to. The specific meaning and form of this property is deployment-specific.

mailDomain

string
optional, multi

Domain part of RFC822 e-mail address that applies to this organization.

displayOrder

int
optional

The content of this property specifies an order in which the organization should be displayed relative to other organizations at the same level. Organizations will be displayed by sorting them by the values of displayOrder property (ascending). These that do not have any displayOrder annotation will be displayed last. Organizations with the same displayOrder are displayed in alphabetic order.

passwordPolicyRef

ObjectReferenceType
optional

Reference to the password policy settings which will be used for generate/validate password for this organization.

displayName

PolyString
optional

Human-readable name of the org. It may be quite long, container national characters and there is no uniqueness requirement. It is used if the "name" property contains a code that is not entirelly user-friendly.

assignment, inducement

AssignmentType
optional, multi

See Assignment and Assignment vs Inducement.

authorization

AuthorizationType
optional, multi

Set of authorizations that apply to org members. Authorization define fine-grained access to midPoint objects and system functionality. The authorizations that are defined in a role apply to all users that have this org assigned (such user is a "subject" of the authorizations).
See Authorization

riskLevel

string
optional

Indication of the level of risk associated with the persissions that this org assigns. This may be a numeric value, textual label are any other suitable machine-processable indication.

ownerRef

ObjectReferenceType
optional

Owner of this org. The owner is a person (or group) that is responsible for maintenance of org definition. This reference may point to object of type UserType of .
Note: this is not a manager of the organizational unit. This a person responsible for maintaining the definition, which is usually someone from IT security team or a "business owner" of the organizational structure tree.

approverRef

ObjectReferenceTypeoptional, multi

Approvers for this org. The approver is a person (or group) that approves assignment of this org to other users. This reference may point to object of type UserType of .

condition

MappingType
optional

The role-like aspects of this org are applied only if the condition is evaluated to true. The condition is used to define conditional roles.

policyConstraints

PolicyConstraintsType
optional

Set of governance, risk management, compliance (GRC) and similar policy constraints that influence the identity model.
(since midPoint 3.1.1)

Full list of items can be found by using the SchemaDoc links above.

OrgType

Description

SchemaDoc

Important Items

See Also