How You Secure Organizations
A valid organization security profile can secure access to all organizations in the enterprise or any subset of those organizations. This topic explains how to set the criteria in an organization security profile to identify a specific set of organizations.
You can use any combination of the following three sections of the organization security profile to identify a set of organizations:
-
Organization Hierarchy
-
Organization Classification
-
Organization List
In the Organization List section, you can select some organizations to include and some to exclude. All criteria that you specify in all sections apply.
The following table identifies the set of organizations that results from each combination of criteria in the organization security profile.
Hierarchy |
Classification |
List (Exclude) |
List (Include) |
Set of Organizations |
---|---|---|---|---|
Yes |
No |
No |
No |
All organizations in the specified hierarchy |
No |
Yes |
No |
No |
All organizations of the selected classifications in the enterprise |
No |
No |
Yes |
No |
All organizations in the enterprise, minus those listed |
No |
No |
No |
Yes |
The listed organizations |
Yes |
Yes |
No |
No |
Organizations of the selected classifications that belong to the specified hierarchy |
Yes |
No |
Yes |
No |
All organizations in the specified hierarchy, minus those listed |
Yes |
No |
No |
Yes |
All organizations in the specified hierarchy, plus those listed |
No |
Yes |
Yes |
No |
All organizations of the selected classifications, minus those listed |
No |
Yes |
No |
Yes |
All organizations of the selected classifications, plus those listed |
Yes |
Yes |
Yes |
No |
All organizations of the selected classifications in the specified hierarchy, minus those listed |
Yes |
Yes |
No |
Yes |
All organizations of the selected classifications in the specified hierarchy, plus those listed |
Yes |
Yes |
Yes |
Yes |
All organizations of the selected classifications in the specified hierarchy, plus and minus those listed |
The following rules apply to use of the Organization List section of the organization security profile:
-
When you add an organization to the Organization List section and select Include, that organization is added to the security profile instance set. Typically, you do this when an organization isn't identified by the other criteria in the security profile. For example, you could include the Legal Employer classification and add a department to the Organization List section. No error would occur if you included a legal employer in the Organization List section, even though that organization was already included.
-
When you add an organization to the Organization List section and select Exclude, that organization is excluded from the security profile instance set. Typically, you do this when an organization is identified by the other criteria in the security profile. For example, you could include a department hierarchy and add one of those departments to the Organization List section to exclude it. No error would occur if you included a legal employer in the Organization List section, even though legal employers were already excluded.