Sonatype CLM Server - Security Administration Guide
Whether or not you ever interact with elements of Sonatype CLM outside of Security Administration, you still need to understand how Organizations and Applications affect the way roles are managed. In short, a role granted at the application level applies only to that application, while a role granted at the organization level allows the user to view and change the organization itself and every application assigned to it. This is due to a concept called inheritance, and it can vastly reduce the need to add every user to each application individually.
While we cover this in our other guides, we should start with a basic look at these two areas. The image below gives an example of how managing by organization reduces the repetition of user assignments.
- Applications
Applications are created in Sonatype CLM. They allow users to identify a specific project and track the health of the components in that project. Each application must have a name, a unique identifier (Application ID), and an organization. Each application may also have its own policies (rules) and other associated policy elements (e.g. license threat groups and labels). Finally, an application inherits the policies and policy elements of its selected organization.
The important point here is that applications are isolated: changes made to an application affect only that application. This is very different from organizations.
- Organizations
Similar to applications, an organization has a name, but it does not need a specified identifier. Organizations may also have policies (rules) and a number of associated policy elements (e.g. license threat groups and labels). However, unlike applications, organizations are not tied to a specific project or application. Instead, they function as a container that holds multiple applications. As a result, when an organization has policies or policy elements, every application that has selected that organization inherits all of them.
Again, the important point here is that users assigned a role at the organization level can view and/or change not just the organization, but also every application attached to that organization. When reviewing who has access to a sensitive application, check the organization-level assignments as well as the application's own.
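To make the two inheritance rules concrete (roles granted at the organization level fan out to every attached application; policies and policy elements of the organization apply to every attached application), here is a small added model. It is not Sonatype CLM code and does not use any Sonatype API; the class names, the role names ("Owner", "Developer"), the organization and application names, and all grants are constructed for illustration only. It resolves a user's effective roles and answers the audit question "who ends up with this role on this application, by either path".

```python
"""Added example, not Sonatype's code: a minimal model of role and policy
inheritance between organizations and applications as described in the guide.
All names and data below are hypothetical and constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Organization:
    name: str
    policies: Tuple[str, ...] = ()


@dataclass(frozen=True)
class Application:
    name: str
    app_id: str          # unique Application ID
    organization: str    # name of the organization the application selected
    policies: Tuple[str, ...] = ()


@dataclass(frozen=True)
class RoleGrant:
    user: str
    role: str
    scope_type: str      # "organization" or "application"
    scope: str           # organization name or Application ID


def effective_policies(app: Application, orgs: Dict[str, Organization]) -> List[str]:
    """Policies evaluated for an application: the organization's, then its own."""
    return list(orgs[app.organization].policies) + list(app.policies)


def effective_roles(user: str, grants: List[RoleGrant],
                    orgs: Dict[str, Organization],
                    apps: Dict[str, Application]) -> Dict[str, Set[str]]:
    """Map each target ("org:<name>" or "app:<id>") to the roles the user holds there.
    An organization grant covers the organization and every application under it;
    an application grant covers that one application only."""
    result: Dict[str, Set[str]] = {}
    for g in grants:
        if g.user != user:
            continue
        if g.scope_type == "organization":
            if g.scope not in orgs:
                raise ValueError(f"unknown organization {g.scope!r}")
            targets = ["org:" + g.scope] + [
                "app:" + a.app_id for a in apps.values() if a.organization == g.scope
            ]
        elif g.scope_type == "application":
            if g.scope not in apps:
                raise ValueError(f"unknown application {g.scope!r}")
            targets = ["app:" + g.scope]
        else:
            raise ValueError(f"unknown scope type {g.scope_type!r}")
        for t in targets:
            result.setdefault(t, set()).add(g.role)
    return result


def who_holds(role: str, target: str, grants: List[RoleGrant],
              orgs: Dict[str, Organization],
              apps: Dict[str, Application]) -> List[str]:
    """Audit helper: users who end up with `role` on `target` via either path."""
    users = {g.user for g in grants}
    return sorted(u for u in users
                  if role in effective_roles(u, grants, orgs, apps).get(target, set()))


# Constructed sample data (hypothetical organizations, applications, grants).
ORGS = {
    "Payments": Organization("Payments", policies=("Security-High",)),
    "People": Organization("People"),
}
APPS = {
    "pay-api": Application("Payments API", "pay-api", "Payments", policies=("No-GPL",)),
    "pay-web": Application("Payments Web", "pay-web", "Payments"),
    "hr-portal": Application("HR Portal", "hr-portal", "People"),
}
GRANTS = [
    RoleGrant("alice", "Owner", "organization", "Payments"),   # inherited by pay-api, pay-web
    RoleGrant("bob", "Developer", "application", "pay-api"),   # pay-api only
]

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, effective_roles(user, GRANTS, ORGS, APPS))
    print("Owners of pay-web:", who_holds("Owner", "app:pay-web", GRANTS, ORGS, APPS))
    print("Policies for pay-api:", effective_policies(APPS["pay-api"], ORGS))
```

Note that alice never appears in any application's own grant list, yet `who_holds` reports her as an Owner of both Payments applications; that is exactly the case the guide warns about, and why an access review must walk organization-level assignments too.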