4.3 Configuring Dashboard User Account Structure

Before a user logs in, all users are considered a guest. The Operations Center guest account is used to display the default home page.

User accounts in the Dashboard are organized two ways:

  • By a structure that represents the corporate hierarchy

  • By groups

Groups from Operations Center are imported into the Dashboard automatically. Changes made to groups in the Dashboard do not impact the group in Operations Center. However, by default, changes made to groups in Operations Center do impact the group in the Dashboard; this setting can be changed in Section 4.1.2, Updating Access Control Synchronizer Settings.

The following sections review how you might organize the Dashboard user accounts into corporate hierarchy structure or configure the Dashboard groups:

4.3.1 Understanding the Dashboard Portal Architecture

The following addresses the relationship between the various entities that define the portal architecture.

  • Portals are accessed by Users.

  • Users can be collected into User Groups.

  • Users can belong to Organizations.

  • Organizations can be grouped into hierarchies, such as Home Office -> RegionalOffice -> Satellite Office.

  • Users, Groups, and Organizations can belong to Communities that have a common interest.

The simplest way to think about this is that you have users and various ways those users can be grouped together. Some of these groupings follow an administratively organized hierarchy, and other groupings can be done by the users themselves (such as different users from multiple organizations starting a community called “Dog Lovers” that has a common interest in dogs). And other groupings can be done administratively via Roles for other functions that might cut across the portal (such as a Message Board Administrators role made up of users from multiple communities and organizations, allowing those users to administer any message board in the portal).

This way of organizing portal concepts can be illustrated in the following manner:

In the illustration above, each arrow can be read as “can be a member of.” So this means that Organizations can be members of Communities, Communities can be members of Roles, Users can be members of anything, and so on. Though this seems very complex, it provides a powerful mechanism for portal administrators to configure portal resources and security in a consistent and robust manner.

It is important to note that the diagram illustrates only users and their collections. Permissions do not flow through all of these collections: permissions can be assigned to roles only.

Users

Users can be collected in multiple ways. They can be members of organization hierarchies, such as Your Company, Inc. > Security > Internet Security. They can be collected into arbitrary user groups, such as Bloggers, which would enable them to create blog entries in their personal space. They can be members of communities which draw together common interests. And they can have roles which describe their functions in the system, and these roles can be scoped by Portal, Organization, or Community.

For more information about the Dashboard user accounts including default user associations, see Section 4.4, Managing User Accounts.

User Groups

User groups are simple, arbitrary collections of users, created by administrators. They can be members of communities or roles. Permissions cannot be assigned to user groups. Though user groups do not have pages like some of the other collections of users (such as communities or organizations), they do have page templates which can be used to customize users' personal sets of pages.

For more information about user groups, see Section 4.3.3, Configuring Groups.

Roles

There are three kinds of roles:

  • Portal Roles

  • Organization Roles

  • Pages Community Roles

These are called role scopes. Roles are used to define permissions across their scope: across the portal, across an organization, or across a community. For example, consider a role which grants access to create a Message Board category. A Portal role would grant that access across the portal, wherever there was a Message Board portlet. A Community role would grant that access only within a single community. An Organization role would grant that access only within an Organization.

Because Roles are used strictly for portal security, they also do not have pages, like Communities and Organizations.

Users, User Groups, Communities, or Organizations can be members of a role.

For more information about roles, see Section 11.0, Portal and Community Permissions.

Organizations

Organizations are hierarchical collections of Users. They are one of the two types of portal resources that can have pages. There is also a special type of Organization called a location, which can define where users are specifically located.

Organizations are useful for defining where a user belongs in a particular hierarchy. For example, if implementing the portal for a large organization, it might help to define user Joe Smith via his position in the organization chart. If Joe Smith is a Sales Engineer located in the New Jersey office, working in the North East division of the Sales department, he might be a member of the following organizations:

  • Sales

  • North East Division

  • New Jersey Location

Then, if you add an Asset Publisher portlet as a static portlet on every user's home page (via a User Group page template) you can inform employees of various announcements via the content management system. If content is tagged appropriately, Joe Smith gets any announcements that are meant for Sales, the North East Division, or the New Jersey location.

Organizations can be members of Communities.

For more information about organizations, see Section 4.3.2, Configuring Corporate Hierarchy via Organizations and Locations.

Communities

Communities are collections of Users who have a common interest. The Dashboard’s default pages are in the Guest community, because everyone—whether they are anonymous or members of the portal—has a common interest in the default, public pages of your site. There are three types of Communities:

  • Open

  • Restricted

  • Hidden

An Open Community (the default) allows portal users to join and leave the Community whenever they want to, using the Control Panel or a Communities portlet added to a page to which they have access. A Restricted Community requires that users be added to the Community by a community administrator. Users can use the Control Panel or the Communities portlet to request membership. A Hidden community is just like a Restricted community, with the added concept that it does not show up at all in the Communities portlet or the Control Panel.

For more information about communities, see Section 5.0, Personal Pages, Page Configurations, and Communities.

4.3.2 Configuring Corporate Hierarchy via Organizations and Locations

Organizations are hierarchical collections of Users. They are one of the two types of portal resources that can have pages. There is also a special type of Organization called a location, which can define where users are specifically located.

An example of an organization is Operations Center USA. Organizations can have any number of sub-organizations or locations. Example locations of the Operations Center USA organization are Operations Center Chicago, Operations Center San Francisco, and Operations Center Los Angeles.

The following sections cover managing organizations and locations:

Understanding Organizations and Locations

Dashboard organizations are intended to model organizations in real life. They can be used to represent different companies, non-profit organizations, churches, schools, clubs, and so on. They have been used to represent a sports league, with various sports (soccer, baseball, basketball, etc.) and their teams as sub-organizations. If you have a set of users that belong to the same grouping, you can model as an organization.

Your dashboard can have any number of organizations, depending on the kind of site you are building. For example, a corporate site can model its own organization hierarchy, while a social networking site can have users from many various organizations who access the site. Organizations can have a hierarchy to unlimited levels, and Users can be members of one or many organizations—inside of a hierarchy or across hierarchies.

Additionally, Organizations can be associated with Roles. For example, an IT Security group of a company. You can have an organization within your IT organization that handles security for all of the applications company-wide.

If you had users as members of this organization, you could grant the Administrator role you just granted to your own ID to the whole Organization, thereby giving the members of the IT Security organization administrative access to the portal. If a user in this organization later was hired by the Human Resources department, the simple administrative act of moving the user from the IT Security organization to the HR organization would remove this privilege from the user, since the user would no longer be in an organization that has the Administrator role. By adding the user to the HR organization, any roles the HR organization has (such as access to a benefits system in the portal) would be transferred to the user. In this manner, you can design your portal to correspond with your existing organization chart, and have users' permissions reflect their positions in the chart.

Of course, this is only one way to design it. If you have more complex requirements, you can combine Organizations with User Groups and scoped Roles to assemble the sets of permissions you wish to grant to particular users.

Organizations are one of two types of resources (the other being Communities) that can have its own pages. This allows members of the organizations (if they are granted the Manage Pages permission) to maintain their own pages. They can have a set of public pages which include information and applications appropriate for guests or logged in users who are not members of the Organization to make use of (such as a help desk ticket entry system for an IT page), and they can have a set of private pages with applications for the organization's own use (such as the back-end portlets of the same ticketing system).

Adding an Organization or Location

To add an organization:

  1. Click Welcome and select Control Panel.

  2. Under Portal, select Organizations.

  3. Click Add.

  4. Specify a name for the new organization in the Name field.

  5. Specify whether the new organization is a regular organization or location in the Type drop-down list.

  6. If the organization is a location, select a Country and Region.

  7. Click Select link to specify a parent organization. A list opens to select the organization that is the direct parent of the organization. Click the Remove button to remove the currently configured parent.

  8. Click Save.

    The page shows additional options for entering information. Use the links to provide contact information about the organization: e‑mail addresses, mailing addresses, Web sites and phone numbers.

  9. Click View All to return to the list of organizations.

Configuring an Organization

To configure an organization:

  1. Click Welcome and select Control Panel.

  2. Under Portal, select Organizations.

  3. Click Action next to organization and select from the options to update and configure the organization.

    • Edit: Edit organization information.

    • Manage Pages: Lets you create and manage public and private pages for the Organization.

    • Assign User Roles: Lets you assign Organization-scoped roles to users. By default, Organizations are created with three roles: Organization Administrator, Organization Member, and Organization Owner. You can assign one or more of these roles to users in the organization. All members of the Organization get the Organization Member role.

    • Assign Members: Search and select users in the portal to be assigned to this organization as members.

    • Add User: Add new users in the portal who will be a member of this organization.

    • View Users: List of users who are members of this organization.

    • Add Regular Organization: Add a child organization to this organization to create hierarchies of organizations with parent-child relationships.

    • Add Location: Add a child Location, which is a special type of organization that cannot have any children added to it.

    • View Suborganizations: View all organizations that are children of this organization.

    • Delete: Deletes this organization from the portal. Make sure to verify that the organization has no users in it first.

  4. Click Save.

NOTE:You are already a member of the organizations you create. By creating an organization, you become both a member and have the Organization Owner role, which gives you full rights to the organization.

Searching for an Organization

To search for an organization:

  1. Click Welcome and select Control Panel.

  2. Under Portal, select Organizations.

  3. Enter the search criteria in the search field.

  4. Click Advanced to enter additional information such as address, region, type, or country; and specify how to match. Select All to find organizations that contain all search criteria, or Any to find organizations that contain at least one of the search criteria.

  5. Click Search.

    The results display at the bottom of the page.

4.3.3 Configuring Groups

Groups are designed to be a convenient mechanism for assigning users to communities and assigning permissions to users. Users can be members of one or more groups.

Understanding Groups

Groups are created and assigned like user accounts in the Dashboard. User Groups are arbitrary groupings of users. These groups are created by portal administrators to group users together who don't have an obvious organizational or community-based attribute or aspect which brings them together. Groups cannot have permissions like roles, but User Groups can be added to Roles. Why would you use User Groups, then? They come into play when you have complex security requirements and for page templates.

Creating User Groups and Assigning Users

Use the Operations Center console to create user groups and assign users. Any groups manually created in the Dashboard are automatically deleted.

For information on creating users and groups, see User and Group Accounts in the Operations Center 5.6 Security Management Guide.

Configuring Groups

IMPORTANT:Actions taken on groups in the Dashboard (such as creating, updating, or deleting groups) do not impact the group in the Operations Center server. However, by default, changes made to groups in Operations Center do impact the group in the Dashboard.

To configure a group:

  1. Click Welcome and select Control Panel.

  2. Under Portal, select User Groups.

  3. Click Action next to organization and select from the options to update and configure the organization.

    • Edit: Modify the name or description of the group.

    • Permissions: Define which Users, User Groups, or Roles have permissions to edit the group.

    • Manage Pages: User Groups don't have pages of their own, you can create page templates for a group. When a User Group has page templates, any users added to the group will have the group's pages copied to their personal pages. This allows you to do things like create a Bloggers user group with a page template that has the Blogs and Recent Bloggers portlets on it. The first time users who are added to this group log in to the portal, this page is copied to their personal pages. They automatically have a blog page that they can use.

    • Assign Members: Search for and select users in the portal to be assigned to the group.

    • View Users: View all users in a group.

    • Delete: Deletes the group.

  4. Click Save.