Managing organizational access control when creating a new organization
This article outlines how access control lists (ACLs) are managed when creating organizations.
Overview
Organizations are used as a means to segregate cases. This can be helpful for multi-tenanted configurations or for security teams that provide shared services to subsidiary organizations. Another use case is internal divisions within an enterprise, e.g. SOC and Privacy.
Only members of an organization are able to see that the organization exists, so you must ensure that every user who needs to see its cases or manage the organization is a member of that organization.
Creating a new organization
For detailed steps regarding the creation of a new organization, please refer to the "Configuring organizations" section in the Using organizations in Cydarm article.
Creating an organization has several key outcomes:
- Creates the new organization object
- Creates a group for the new organization
- Creates a set of default ACLs for the organization, to control access to the cases, case data, users, and the organization itself
- Creates a new STIX Identity object linked to the organization, in the Contacts page
- Adds the group attribute of the new organization to the user (administrator) who created the organization
Note - After creating a new organization, the creator must log out and back in again to start a session with the newly assigned attributes.
Managing organizational access control
After creating a new organization (and logging in to a new session), the administrator will usually want to attach the new organization to the existing group hierarchy. This is done by clicking the right arrow link on the new organization in the organization list, which navigates to that organization's corresponding group.
In the group configuration for a managed organization, add the "manager organization" group as a member of the "managed organization" group. All users who are members of the manager organization then become indirect members of the managed organization, which gives them access to the cases owned by the managed organization.
This hierarchy of groups can have as many layers as required, to account for situations where the overarching organization (the owner of the Cydarm system) has a hierarchy of organizations under it, such as brokers and end customers.
Once the appropriate manager group has been added to the new organization's group, confirm that the administrator still has indirect membership of the new organization, then remove the administrator user from direct membership of the organization and log out and back in again. This last step is necessary to ensure that each user on the platform is a direct member of only one organization.
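A small model of the group nesting described above, added here as an illustration (it is not Cydarm's own code or API). It walks nested groups to compute who can see a group's cases, refuses to drop the creator's direct membership until a manager group already grants indirect access, and checks the one-direct-organization rule; the group and user names are constructed.

```python
from collections import deque

class GroupHierarchy:
    """One group per organization; a member is a user name or a nested group name."""
    def __init__(self, group_names):
        self.groups = {g: set() for g in group_names}  # group -> direct members
    def add_member(self, group, member):
        self.groups[group].add(member)
    def effective_users(self, group):
        """Users who can see the group's cases: direct users plus the users of
        every group nested inside it, at any depth (cycle-safe walk)."""
        users, seen, queue = set(), {group}, deque([group])
        while queue:
            for m in self.groups[queue.popleft()]:
                if m not in self.groups:          # plain user
                    users.add(m)
                elif m not in seen:               # nested group not yet visited
                    seen.add(m)
                    queue.append(m)
        return users
    def direct_memberships(self, user):
        return {g for g, members in self.groups.items() if user in members}
    def has_indirect_access(self, user, group):
        """True if the user reaches the group via a nested group, ignoring direct entries."""
        return any(user in self.effective_users(m)
                   for m in self.groups[group] if m in self.groups)
    def detach_creator(self, user, group):
        """Last step of the procedure: drop the creator's direct membership,
        but only once a manager group already grants indirect access."""
        if not self.has_indirect_access(user, group):
            raise ValueError(f"{user} would lose access to {group}; nest the manager group first")
        self.groups[group].discard(user)
    def users_breaking_single_org_rule(self):
        """Each user should be a direct member of exactly one organization group."""
        users = {m for ms in self.groups.values() for m in ms if m not in self.groups}
        return {u for u in users if len(self.direct_memberships(u)) != 1}

def walkthrough():
    """Constructed scenario: SOC (system owner) manages Broker, which manages EndCustomer."""
    h = GroupHierarchy(["SOC", "Broker", "EndCustomer"])
    h.add_member("SOC", "admin")              # admin's home organization
    h.add_member("Broker", "admin")           # creating Broker adds its creator directly
    h.add_member("EndCustomer", "admin")      # likewise for EndCustomer
    h.add_member("Broker", "SOC")             # manager group nested in the managed group
    h.add_member("EndCustomer", "Broker")     # second layer of the hierarchy
    h.add_member("EndCustomer", "customer_analyst")
    h.detach_creator("admin", "Broker")       # admin keeps access via SOC
    h.detach_creator("admin", "EndCustomer")  # ... and via Broker -> SOC
    return h
```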