Organizations are groups that are usually based on function. Organizational roles identify the roles that members of the organization perform. They control who can view or modify solutions, based on the solution owning group and the solution status. You create an organizational role by identifying an organization and then adding users and access rights. When you develop an organizational role, you can use global roles as templates, or you can design custom roles using direct access rights.

Note: Organizational roles are necessary for workflows to function correctly. Assigning a user a global role will not activate the workflow; the user must have an organizational role assigned.

Typically, users are added to organizational roles that correspond to their organization. However, an organizational role can also be granted to an organization instead of directly to a user. This is useful if users and their group membership are administered using an external identity management system, such as LDAP.

Using LDAP

If your user group membership is stored in an external LDAP database, you can map the profile repository against your LDAP database. By granting authorization to organizations rather than to individual users, you can add a user to an organization externally without having to define the user in the Service Administration console. The user is then granted any organizational roles granted to the organization to which they belong.

For additional information on configuring security with LDAP, refer to the ATG Platform Programming Guide.
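
The role resolution described above, as an added example (not ATG code or its API): a hypothetical Python model of how organizational roles reach a user either directly or through LDAP-managed organization membership, in the shape an access review would use. All organization, role and user names are constructed sample data.

```python
# Added illustration: a hypothetical model, not ATG's API or schema.
from collections import defaultdict

# Constructed sample data. Organization names stand in for LDAP groups.
LDAP_MEMBERS = {            # organization -> users, as maintained in LDAP
    "support-tier1": {"akira", "bea"},
    "knowledge-authors": {"bea", "chen"},
}
ORG_ROLE_GRANTS = {         # organizational roles granted to an organization
    "support-tier1": {"Tier1 Solution Viewer"},
    "knowledge-authors": {"Solution Author"},
}
DIRECT_ROLE_GRANTS = {      # organizational roles granted directly to a user
    "dmitri": {"Solution Publisher"},
}
GLOBAL_ROLES = {            # global roles only; these do not activate workflow
    "akira": {"Service Agent"},
    "erin": {"Service Agent"},
}

def effective_org_roles(ldap_members, org_grants, direct_grants):
    """Return {user: {role: sources}}; a source is 'direct' or 'org:<name>'."""
    result = defaultdict(lambda: defaultdict(set))
    for user, roles in direct_grants.items():
        for role in roles:
            result[user][role].add("direct")
    for org, members in ldap_members.items():
        for role in org_grants.get(org, ()):
            for user in members:
                # Membership changed in LDAP changes this grant with no console step.
                result[user][role].add(f"org:{org}")
    return {u: {r: set(s) for r, s in roles.items()} for u, roles in result.items()}

def users_without_org_role(global_roles, effective):
    """Users with a global role but no organizational role (no workflow)."""
    return sorted(u for u in global_roles if not effective.get(u))

def ldap_only_users(effective):
    """Users whose organizational roles all come from LDAP membership alone."""
    return sorted(u for u, roles in effective.items()
                  if all(s.startswith("org:") for srcs in roles.values() for s in srcs))

if __name__ == "__main__":
    eff = effective_org_roles(LDAP_MEMBERS, ORG_ROLE_GRANTS, DIRECT_ROLE_GRANTS)
    print("no organizational role:", users_without_org_role(GLOBAL_ROLES, eff))
    print("access controlled only by LDAP:", ldap_only_users(eff))
```

The second list is the set of accounts whose access is decided entirely by whoever administers the LDAP groups, so those groups belong in the same access review as the roles themselves.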