Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide

Two-Tiered Hierarchy

In this scenario, a large company such as an Internet Service Provider (ISP) provides services to businesses. Each business has its own unique domain, which may contain thousands or tens of thousands of users.

Instead of relying on a single Top-Level Administrator (TLA) to manage and provision all the domains, this scenario supports the delegation of tasks to lower-level administrators.

In a two-tiered hierarchy, the directory contains multiple organizations. A separate organization is created for each hosted domain.

Each organization is assigned to an Organization Administrator (OA). The OA is responsible for the users in that organization. An OA cannot view or modify directory information outside the OA’s own organization.

Figure 1–2 shows an example of the administrator roles in a two-tiered hierarchy.

Figure 1–2 Administrator Roles in a Two-Tiered Hierarchy

Administrator roles in a two-tiered hierarchy.

In the example shown in Figure 1–2, the TLA creates and manages OA1, OA2, up to OAn. Each OA manages the users in one organization.

If you need multiple organizations in your directory, you should create the TLA and OAs to administer the organizations and their users.

For more information, see the following sections: