- 08 Jan 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
Organizational Units
- Updated on 08 Jan 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
This article will walk you through the different configuration options on the Settings > Organizational Units page in Clarity.
Role modification options
A common example of the Role Based Access Control structure is using Department and Job Title (shown above). This will result in the creation of roles for every department (intermediary role) found within your organization, and every Job Title found under each department (terminal role).
Organizational Unit order
Here you can pick the Attributes defined on the Identity Attributes page to determine your Role Based Access Control structure.
Rebuilding and Purge
Discard
Discard any changes you have already made to the page.
Save
Save the changes made to the the Disable Provisioning toggle or changes to the Organizational Units.
Build Roles & Role-Entitlements
This option will not remove entitlements already part of existing roles, but it may add new entitlements based on 100% matching (all members of the role already have the entitlement).
Purge Roles & Role-Entitlements
This will delete all Roles and Role-Entitlement relationships. It is recommended to perform this action, followed by the Build Roles & Role-Entitlements if you plan to reset your roles, or have made changes to your Organizational Units.
Provisioning
This option lets you globally block provisioning in your Clarity platform. This overwrites any individual app based configurations.
Special Roles
Global (Everyone) - This role is always present, and cannot be removed. Every identity in Clarity is a member of this role and can be used to provide all Active Identities with an entitlement you specify.
Default or Intermediary/Default - For any identities that exist in Clarity, but are missing a valid attribute (for the corresponding Organizational Units), a role (intermediary or terminal) will be generated using Default. Check out the examples below for more details on roles generated with the name Default.
Examples of Default roles
If an Identity is missing the Department attribute, but has the Job Title Senior Developer, they would receive the role Default/Senior Developer.
If an Identity is missing the Job Title attribute, but has the Department Accounting, they would be assigned the Accounting/Default role.
If an Identity is missing both Department and Job Title attributes, they would be added to the Default/Default role.
Need Help?
If you have any problems, contact your customer success team. You can also get in touch with our general support via email, open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.