Each object and user of the platform is linked to an organizational unit. This unit allows a hierarchical structure to be defined in order to give users a filtered view. A user's unit defines their access level for different platform objects.
If a user is not linked to any unit, that user will not be able to connect to Adobe Campaign. If you would like to restrict access for a particular user or group of users, do not link it to the All unit.
A user has read-only access to all of the objects in the parent units. He has read and write access to all objects of his unit and child units. A user does not have access to objects in parallel branches.
When the user is assigned an organizational unit, this unit will always be applied to the objects the user created.
When a user is in several groups linked to different units, certain rules are applied. For more information, refer to the Managing groups and users section.
Organizational units allow you to filter your instance depending on the organization your users are linked to. This unit can represent a region, country or even a brand in your instance.
Here, we previously created security groups with different roles to two users: one user is assigned the security groups Administrators and Geometrixx, the other user belongs to the security groups Standard user and Geometrixx Clothes See Creating a security group and assigning users for the full example.
We now need to create the organizational units for the Geometrixx Clothes and Geometrixx security groups:
To see the impact of assigning different units to different security group, the user assigned to the Administrator and Europe groups will create two email templates to see what the other user assigned to Standard User and France can or cannot access.
The user assigned to the Standard User and Geometrixx Clothes groups will be able to see both templates. Because of the hierarchical structure of the organizational units, he will have read and write access to the template linked to the Geometrixx Clothes unit and only read-only access to the template linked to the Geometrixx unit.
Since the Geometrixx Clothes unit is a child unit of Geometrixx, the following message appears when the user tries to modify the Geometrixx template:
Organizational units can restrict the access to different features such as profiles. For example, if our Geometrixx Clothes user access the Profiles tab, he will be able to fully access and modify the profiles with the Geometrixx Clothes organizational unit.
Whereas the profiles with the Geometrixx organizational unit will be read only, the following error will appear if our user tries to modify one profile: You do not have the rights needed to modify the 'profile' resource of ID .
If your organization needs to isolate the profiles contacted by each of your different brands, you can partition your profiles by their organizational units.
We recommend adding this option before importing any profiles. If you have already imported your customer database, an update is necessary in order to set the organizational unit values on the already imported Profiles.