Organization units (OU) is a part of Identity Module and can be used to hierarchically group users and entities.
An OU is represented by the OrganizationUnit entity. The fundamental properties of this entity are:
- TenantId: Tenant's Id of this OU. Can be null for host OUs.
- ParentId: Parent OU's Id. Can be null if this is a root OU.
- Code: A hierarchical string code that is unique for a tenant.
- DisplayName: Shown name of the OU.
The OrganizationUnit entity's primary key (Id) is a Guid type and it derives from the FullAuditedAggregateRoot class.
Since an OU can have a parent, all OUs of a tenant are in a tree structure. There are some rules for this tree;
- There can be more than one root (where the
ParentIdisnull). - There is a limit for the first-level children count of an OU (because of the fixed OU Code unit length explained below).
OU code is automatically generated and maintained by the OrganizationUnit Manager. It's a string that looks something like this:
"00001.00042.00005"
This code can be used to easily query the database for all the children of an OU (recursively). There are some rules for this code:
- It must be unique for a tenant.
- All the children of the same OU have codes that start with the parent OU's code.
- It's fixed length and based on the level of the OU in the tree, as shown in the sample.
- While the OU code is unique, it can be changeable if you move an OU.
- You must reference an OU by Id, not Code.
The OrganizationUnitManager class can be injected and used to manage OUs. Common use cases are:
- Create, Update or Delete an OU
- Move an OU in the OU tree.
- Getting information about the OU tree and its items.
The OrganizationUnitManager is designed to work for a single tenant at a time. It works for the current tenant by default.