Forums

Home » Liferay Portal » English » 2. Using Liferay » General

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
meera prince
What is parent organization user’s scope or presence in child organization?
January 30, 2013 3:28 AM
Answer

meera prince

Rank: Liferay Master

Posts: 689

Join Date: February 8, 2011

Recent Posts

Hi all

What is parent organization user’s scope or presence in child organizations? by default...

Thanks&Regards,
Meera Prince
Jos Groenewegen
RE: What is parent organization user’s scope or presence in child organizat
January 31, 2013 3:48 AM
Answer

Jos Groenewegen

Rank: New Member

Posts: 15

Join Date: October 16, 2012

Recent Posts

The most extensive guide on Organizations can be found here; Organization wiki page.

The following bit of the Wiki best answers your question I think, this regards permissions and how they work with parent and child organizations;

Inheritance of permissions #

Now we can use Liferay's permission system to assign permissions to users based on the organization to which they belong. That is, the Liferay permission system allows the portal administrator to assign a certain permission or role to ALL the members of an organization at once by assigning that permission or role to the organization itself. But not only to the users that currently belong to the organization, any new user that is later assigned to that organization will also get that permission or role.

This inheritance of permissions from the user's organization works hierarchically. For example, looking at the diagram above, if we want all of the members of the Engineering department have the custom role 'Engineer' I just have to assign it to the Engineering organization. John and Barbara don't belong to that organization directly but to sub-organizations (Frontend and Backend), but those sub-organizations also inherit the permissions from the parent.

That recursability of permissions from one organization to its children organization is most often what is desired, but not always. Imagine we want the members of the Directors Board, such as Bob, to be able to access a page called 'Confidential' in the guest community. We can assign that permission to the organization called 'Board', but then, every user would inherit that permission, because 'Board' is a parent of all other permissions.

To support this situations, each organization has an attribute named 'Recursable permissions' that allows the administrator to decide if the permissions assigned to that organization will be inherited by suborganizations or not. In our example we would set that attribute to false in the 'Board' organization to achieve our purposes. So our hierarchy of organizations would be as shown next:

Company ABC (Recursable permissions: Yes)
Board (Recursable permissions: NO)
Sales (Recursable permissions: Yes)
Engineering (Recursable permissions: Yes)
Frontend (Recursable permissions: Yes)
Backend (Recursable permissions: Yes)
Support (Recursable permissions: Yes)