Attribute-based Delegation

In addition to hierarchical organization, DMS also provides an administration model for sites that have implemented a flat directory structure. In this model, delegation is based on attributes in user profiles instead of hierarchical levels.

In a flat directory, DMS adds attribute/value pairs to user profiles to group users together. Once users are grouped together, another attribute/value pair determines which users can manage the groups.

DMS groups users into organizations by adding an attribute/value pair to user profiles. For example, users who belong to the organization East Bank have the attribute/value pair ou=East Bank in their profiles, where ou is the attribute that indicates the organization to which a user belongs.

An organization administrator can only manage organizations that are listed in the organization administrator's profile. The list of organizations is assigned to a profile attribute that you specify in the SmDmsConfig constructor. For example, if you specify departmentnumber as the attribute that contains the organizations that an organization administrator can manage, the attribute/value pair departmentnumber=East Bank means that the organization administrator can manage the East Bank organization and no others.

The following illustration describes how attribute-based delegation is implemented:

In this example, Donna Gibson is an organization administrator for East Bank and North Bank. She can manage Edward Johnson and Carrie Winham because they belong to organizations that are listed in the departmentnumber attribute in Donna's user profile.
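The delegation rule in this example can be modeled as a small audit over exported profiles. The following Python sketch is an added illustration, not DMS code, and does not call the DMS API. The organizations assigned to Edward Johnson and Carrie Winham, the extra user Sam Lee, and the case-insensitive comparison are assumptions made for the example.

```python
# Added illustration: models the delegation rule described above over
# constructed profiles. It does not call the DMS API.
ORG_ATTR = "ou"                  # attribute naming a user's organization (from the page)
ADMIN_ATTR = "departmentnumber"  # attribute listing the organizations an admin manages

# Constructed profiles. The ou values for Edward and Carrie and the user
# Sam Lee are assumptions; the page does not state them.
PROFILES = {
    "Donna Gibson":   {"departmentnumber": ["East Bank", "North Bank"]},
    "Edward Johnson": {"ou": ["East Bank"]},
    "Carrie Winham":  {"ou": "North Bank"},
    "Sam Lee":        {"ou": ["West Bank"]},
}

def _values(profile, attr):
    """Return an attribute's values as a normalized set (missing -> empty set)."""
    raw = profile.get(attr, [])
    if isinstance(raw, str):     # tolerate single-valued attributes
        raw = [raw]
    # Assumption of this sketch: values compare ignoring case and outer whitespace.
    return {v.strip().casefold() for v in raw if v.strip()}

def can_manage(profiles, admin, user):
    """True if the user's organization is listed in the admin's ADMIN_ATTR."""
    if admin not in profiles or user not in profiles:
        return False             # unknown identities are denied
    managed = _values(profiles[admin], ADMIN_ATTR)
    return bool(managed & _values(profiles[user], ORG_ATTR))

def delegation_map(profiles):
    """Map each organization administrator to the sorted users they can manage."""
    return {
        admin: sorted(u for u in profiles if can_manage(profiles, admin, u))
        for admin, p in profiles.items() if _values(p, ADMIN_ATTR)
    }

def unmanaged_users(profiles):
    """Users whose organization appears in no administrator's list."""
    covered = set()
    for p in profiles.values():
        covered |= _values(p, ADMIN_ATTR)
    return sorted(u for u, p in profiles.items()
                  if _values(p, ORG_ATTR) and not (_values(p, ORG_ATTR) & covered))

if __name__ == "__main__":
    print(delegation_map(PROFILES))
    print(unmanaged_users(PROFILES))
```

Running a map like this against a directory export shows the effective reach of each organization administrator and which organizations have no administrator at all.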


Copyright © 2009 CA. All rights reserved.