Manage common content with inheritance
One of the main advantages of an enterprise or super enterprise configuration is the ability to create common content or configuration settings in one place and push them down to sub enterprises and suborganizations. This is known as "inheritance".
Security policies are frequently handled as common content, allowing them to be inherited so that consistent policies, procedures, and communication methods can be established across a system. Security policies in a super enterprise organization are inherited to enable the same features as in an enterprise organization, but across multiple systems.
For Cloud configurations, content and settings are set in the super enterprise or enterprise, which allows the cloud to use multitenancy.
There are four levels of inheritance.
- System: This is the top level that is used for the entireBlackBerry AtHocsystem. A a system is defined as a single installation ofBlackBerry AtHocaccessed by a single URL. An example of a system user attribute is First Name. All users have the First Name attribute, no matter what organization or enterprise they belong to. System configuration is set in the System Setup (3) organization.
- Super enterprise: In a super enterprise, this is the second level of inheritance, used for content and settings that need to be the same across multiple enterprise organizations in different systems.
- Enterprise: In a super enterprise configuration, this is the third level of inheritance. In an enterprise configuration, this is the second level of inheritance. This inheritance level is used for content and settings that need to be the same across all sub enterprises and suborganizations. An example is a user attribute called employeeID. By setting this attribute at the super enterprise or enterprise level, the content is part of all user profiles that are in the organizations managed by the super enterprise or enterprise.
- Suborganization: In a super enterprise configuration, this is the fourth level of inheritance. In an enterprise configuration, it is the third level. This level is primarily used for content that is specific to a single base or location. An example is the user attribute OptIn4Birthdays, which is used by only one organization.
Enterprise Example
The following example focuses on attributes, but it also applies to any type of common content.
A federal agency has three organizations managed by a single enterprise. There are three tiers, including one called System Setup at the system level. The enterprise organization is named Fed_Agency_Enterprise and it has three suborganizations: East Coast, Mid-West, and West Coast.
The organizations have the following user attributes:
- System Setuphas three user attributes that are available for the system, which includes all enterprise and suborganizations:UserName,ID, andLastName.
- Fed_Agency_Enterprisehas three user attributes that are available for the enterprise and its suborganizations:Department,Location, andCPR-Trained.
- TheEast Coastorganization has a team that wants to track birthdays, so they have added an attribute calledOptIn4Birthdays.
An operator in the suborganization can edit the value of an attribute for a user if the operator has access to the organization in which the user attribute was created.
- The System Administrators on System Setup can access and edit user attributes created at the System level. In this example, they can target users through theUserName,ID, andLastNameattributes. However, they cannot see any attributes defined at lower levels.
- Enterprise operators have more options. They can view and use all of the attributes inherited from the System level, plus publish, search, create reports, and edit the attributes created in that enterprise organization (Department,Location, andCPR-Trained).
- Operators in the suborganizations can use but not edit user attributes inherited from system and enterprise levels. These operators can also create, use, and edit user attributes for publishing to the local organization. However, operators do not have access to attributes from peer organizations. As a result, operators in theEast Coastorganization can access and edit theOptIn4Birthdaysuser attribute, while none of the other suborganization operators or enterprise or system administrators can use the attribute.
For a list of entities that are inherited, Inherited content and settings in the enterprise or super enterprise.