User and group hierarchy example

Connected supports secure delegation of administrative rights through a combination of group hierarchy and the rank associated with a user's role. This example illustrates the span of administrative control that different types of administrators have across groups in the following fictitious AcmeXYZ Connected environment.

[Figure: AcmeXYZ corporation group hierarchy showing users of different roles in each group]

Based on this environment, the following describes the span of administrative rights for each type of Connected administrator.

  • Data Admin. Has administrative, data access, and migration rights on any group.

    Example: Mary_DA is a Data Admin in the ADMIN group and has administrative rights that span all users and groups within AcmeXYZ's Connected environment. Her personal data and access to Connected functions are controlled by the policies that affect the ADMIN group.

  • Admin. Has administrative rights on any group in AcmeXYZ.

    Example: Bill_A is an Admin in the ADMIN group and has administrative rights that span all groups and lower-ranked users (except Group Data Admins) within AcmeXYZ's Connected environment. His personal data and access to Connected functions are controlled by the policies that affect the ADMIN group.

    NOTE: Keep in mind that Admins do not have administrative control over any type of data administrator, regardless of rank. Therefore, although Bill_A is a customer-level Admin, he does not have administrative control over Chris_GDA (Group Data Admin). He cannot edit, delete, place on hold, or reactivate Chris_GDA, move him to a different group, or move the Engineering or Boston groups of which Chris_GDA is a direct or subgroup member, respectively. Bill_A can move the Development and Quality Assurance groups and manage users in them.

  • Support Restore. Has permission to help users in any group to restore their data.

    Example: Alice_SR has the Support Restore role. Alice_SR can assist with restores that span all users and groups within AcmeXYZ's Connected environment. She cannot access other users' data.

  • Group Data Admin. Has administrative, data access, and migration rights on their own group as well as any of its subgroups.

    Example: Chris_GDA is a Group Data Admin in the Engineering group and has administrative control that spans all users and subgroups within that group. Based on the AcmeXYZ group hierarchy and user roles, Chris_GDA and Mary_DA have the same administrative rights on the Engineering group and its subgroups, with one small exception. Chris_GDA cannot move the Engineering group; he can, however, move its subgroups within the Engineering group's hierarchy.

  • Group Admin. Has administrative rights on their own group as well as any of its subgroups.

    Example: Jane_GA, Bob_GA, and Jill_GA are Group Admins in various groups. Jane_GA is a Group Admin in the Boston group and has administrative control that spans all groups and subgroups within the Boston group. Bob_GA and Jill_GA are Group Admins of the Development and Quality Assurance groups, respectively. Based on the AcmeXYZ group hierarchy and user roles, Jane_GA and Bob_GA have the same administrative rights on the Development group. Similarly, Jane_GA and Jill_GA have the same administrative rights on the Quality Assurance group.

    Jane_GA does not have administrative control over Chris_GDA, a Group Data Admin, so she cannot edit or delete his profile, move him to a different group, or move the Engineering group to which he belongs. However, she can move the Development and Quality Assurance groups, which Chris_GDA also administers.

  • Group Support Restore. Has permission to help users in their own group as well as any of its subgroups to restore their data.

    Example: Ben_GSR has the Group Support Restore role. Ben_GSR can assist with restores for users in the Sales group or any subgroup. He cannot access other users' data.

  • Bulk Importer. Has permission only to run the ImportUsers tool, which can affect Connected user profiles in any group.

    Example: BulkImport is the only Bulk Importer in AcmeXYZ's environment. The ImportUsers tool requires the Bulk Importer credentials to run.

  • User. Can perform standard user functions based on the effective policy of the user's group.
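
The delegation rules above can be checked mechanically, which is useful when reviewing who can actually control a given account or group. The following is an added example, not Connected's own code: a Python model of the rules stated in this section, applied to the administrators named in the examples. The group layout (an AcmeXYZ root containing ADMIN and Boston, with Boston containing Engineering, which contains Development and Quality Assurance) is an assumption inferred from the examples, and rank comparisons between users of the same role are not modelled.

```python
# Added example: a model of the rules described on this page, not Connected's code.
# Assumed layout (inferred from the examples): child group -> parent group.
PARENT = {"ADMIN": "AcmeXYZ", "Boston": "AcmeXYZ", "Engineering": "Boston",
          "Development": "Engineering", "Quality Assurance": "Engineering"}
# user -> (role, group), as given in the page's examples
USERS = {
    "Mary_DA": ("Data Admin", "ADMIN"),
    "Bill_A": ("Admin", "ADMIN"),
    "Chris_GDA": ("Group Data Admin", "Engineering"),
    "Jane_GA": ("Group Admin", "Boston"),
    "Bob_GA": ("Group Admin", "Development"),
    "Jill_GA": ("Group Admin", "Quality Assurance"),
}
CUSTOMER_WIDE = {"Data Admin", "Admin"}            # rights on any group
GROUP_SCOPED = {"Group Data Admin", "Group Admin"}  # own group and its subgroups
DATA_ADMINS = {"Data Admin", "Group Data Admin"}

def in_subtree(group, top):
    """True if group is top or one of its subgroups."""
    while group is not None:
        if group == top:
            return True
        group = PARENT.get(group)
    return False

def in_scope(actor, group):
    role, own = USERS[actor]
    if role in CUSTOMER_WIDE:
        return True
    return role in GROUP_SCOPED and in_subtree(group, own)

def can_manage_user(actor, target):
    role = USERS[actor][0]
    t_role, t_group = USERS[target]
    if not in_scope(actor, t_group):
        return False
    # Admins and Group Admins never control any type of data administrator.
    return role in DATA_ADMINS or t_role not in DATA_ADMINS

def can_move_group(actor, group):
    role, own = USERS[actor]
    if not in_scope(actor, group):
        return False
    if role == "Group Data Admin" and group == own:
        return False  # a Group Data Admin moves subgroups, not their own group
    if role in DATA_ADMINS:
        return True
    # Admin / Group Admin: blocked when a data administrator is a direct or subgroup member
    return not any(r in DATA_ADMINS and in_subtree(g, group) for r, g in USERS.values())
```

Roles without administrative rights (Support Restore, Group Support Restore, Bulk Importer, User) are outside this model and would be denied by both checks.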