Delegation of control in computer directories grants users minimal administrative power to complete tasks, with higher positions receiving more control. Organizational units allow for departmental control and user organization. Access is split between group and user, with higher access granted for promotions or specific tasks.
Delegation of control occurs when an organizational unit (OU) – an object or group in a computer directory – is given some control over functions. The control is usually minimal compared to the activity, so the user can only perform the specified activity and nothing else. Directors and people in high positions, such as managers and owners, receive maximum delegation of control, with few restrictions on actions. Control is usually divided into departments, giving managers control of a single organizational unit which allows the manager to add or delete users.
An organizational unit is a directory of users and serves several purposes. Allows for redundant data, such as two people with the same name but in different departments. This also gives users a way to organize employees and other users in terms of department, employee level, and overall delegation of control.
Assigning a delegation of control gives a user a certain amount of administrative power, but this power is the minimum amount the user needs to complete a task. For example, if a user is assigned to write records, they will be granted write access to add records. The user would not be given the ability to add new users to the organizational unit or delete users, as these functions are outside the user’s line of work. Giving extra control can create security issues, which is why only minimal control is granted.
People in higher positions, such as a director or manager, are granted a higher delegation of control. The manager is typically granted full control, but only for one group in the organizational unit. This allows the manager to do whatever he deems appropriate for that department, but the manager cannot interfere with other groups of organizational units. Administrators typically have access to all OU groups because, if a technical error occurs or the manager doesn’t know how to perform a function, the administrator can act for the manager.
The organizational unit is usually divided into several departments. This keeps managers and departments separate so they can’t interfere with each other, but also provides additional uses. Delegation of control is split into group and user access. This means that the whole group will get a certain level of access, but separate users can be granted additional access if deemed necessary. Higher access is typically granted only if the user is promoted or needs to perform a task that requires additional access to data.
Protect your devices with Threat Protection by NordVPN
