<authorization>
<action>...</action>
<object>
<orgRelation>
<subjectRelation>org:manager</subjectRelation>
</orgRelation>
</object>
</authorization>
Org Relation Clause
Selects objects that are members of any org, for which the subject has a specific relation.
For example, an authorization using this clause can give access to any objects that are part of any organizational unit that the subject is managing. This is illustrated in the following snippet.
This is good for dynamic delegated administration. But please note that this authorization may degrade performance if the subject has relation to many organizational units.
Reference
Item | Description |
---|---|
|
Specifies the relation that the subject needs to have to the org for this condition to trigger.
This is usually |
|
Scope of application that will be used to select objects relative to the reference org.
It determines which objects will be selected (those above or below the reference node, shallow or deep, etc.)
Values: |
|
If set to |
Just as in Org Reference Clause, only effective membership is considered. |