Configuring Delegated User Administration
Using Companies 
Use
Delegated user administration enables you to distribute user administration between several administrators so that each administrator is responsible for a particular set of users. For example, you can designate one user administrator for each business area in your company. Each user administrator can only create, modify, and delete users in the business area that he or she is responsible for.
Procedure
...
1. Configure the user management engine (UME) to support companies.
More information: Configuring Companies.
You want to manage the employees in your company in sales, marketing, and development separately. Configure the following UME property as shown:
ume.tpd.companies=sales,marketing,development
2. Create one or more delegated user administrators for each company. To define a delegated user administrator:
○ Move existing or create new delegated user administrators in the companies for which they are to be responsible.
○ Assign delegated user administrators to delegated user administration roles.
§ If you are setting up delegated user administration in the portal, use the portal role called Delegated User Admin with the ID pcd:portal_content/administrator/user_admin/delegated_user_admin_role
§ Otherwise assign a role with UME actions that only provide permissions for objects that belong to the same company, such as Manage_Users.
3. Assign users to companies using the following methods:
○ In the role of overall user administrator, create new users in companies and move existing users into companies.
○ Enable users to request membership in a company during self-registration. Delegated user administrators must approve the requests.
○ In the role of overall user administrator, import new users and use the org_id attribute to assign a company.
For example, import the following data for a user:
[User]
uid=miguelasantos
password=aDz2!K4s
email_Address=miguela.santos@example.com
first_name=Miguela
last_name=Santos
org_id=marketing
See also: