Scopes
When you assign an administrator role, you can select the scope. Scopes can be defined along different dimensions:
-
Organizations: Restrict the organizations that an administrator can manage. Administrators can manage only users who belong to the organizations that are included in the scope.
-
Access roles: Restrict the access roles that an administrator role can manage. Administrators can manage only users with the access roles that are included in the scope.
Add a scope
You define custom scopes within the context of an organization, and those scopes exist only in context of that organization.
-
You can add a scope when you're assigning an administrator role or from the Scopes section:
-
To add a scope when you're assigning an administrator role, on the Assign administrator roles page, in the Scopes list, select Add scope.
-
To add a scope that you can use later, go to Scopes, select Administrators > Scopes, and then select Add scope.
-
-
Enter a Scope name and optional Description.
-
Under Access roles in scope, select the access roles to include in this scope:
-
All access roles: The scope applies to all access roles that are available to the organization.
-
Custom selection: Select the access roles that the scope applies to:
-
-
Select the Organizations in scope, such as this organization only, this organization and its direct children organizations, and so on.
-
Select Save.
The scope is added to the list on the Scopes page.
Apply a scope to an administrator role
Scopes restrict administrator roles to the organization and access roles that are included in the scope.
After you create scopes, you can select scopes when you assign administrator roles.
-
On the Assign administrator roles page, select the Administrator role, and then select the Scope.
-
Save your changes.
Delete a scope
-
On the Scopes page, select the menu for the scope that you want to delete.
-
In the menu, select View details.
-
In the top-right menu on the scope details page, select Delete scope.
