Sun Identity Manager Deployment Reference

End User Controlled Organizations

The End User Controlled Organizations rule determines the set of organizations that are controlled by a user logging into the End User interface. These organizations, together with the End User organization, define the scope of control over which a user is granted the permissions specified in the EndUser capability (AdminGroup). Because this is a rule, it allows the scope of control to vary depending on which user is logging into the End User interface.


User view of the authenticating end user

You must specify the following for a custom End User Controlled Organizations rule:




Not specified 


A single controlled organization (string) or a list of controlled organizations. Each value can be an organization name or ID. If an organization name is returned, it must be fully qualified up to Top (for example, Top:Marketing:South)

Predefined Rules 

Defaults to returning the organization of which the user is a member (for example, waveset.organization)