What is an OU?
OU is an abbreviation for organizational unit. OUs are building blocks that act as containers for projects or other OUs and allow you to build out a hierarchy that reflects your company’s organizational structure in the cloud. The hierarchy you build will determine the pathways and groupings for fund allocation and policy inheritance.
Throughout Kion, OUs are specified as:
- Top-level OUs. Any OU without a parent is considered a top-level OU. These represent the highest points in your organizational hierarchy.
- Parent OUs. Parent OUs can be top-level OUs or child OUs, depending on where they fall in your structure. OUs are considered parent OUs if they have at least one child OU descending from them.
- Child OUs. Child OUs are OUs that fall below other OUs in your organizational hierarchy. Child OUs inherit cloud rules and draw funding from the parent OU directly above them.
Consider your organization's structure before you start creating OUs in the application. We typically recommend two approaches:
- Use a single top-level OU to represent the company.
- Use multiple top-level OUs to represent different business units or areas of work.
OUs and Cloud Rules
OUs help you manage multiple projects by enabling access management at a high level. When a cloud rule is attached to an OU, it is inherited by all of that OU's descendant OUs and projects. This creates a single point where you can easily manage the cloud rule, and it will be added/updated for all descendant accounts. For information on how to use cloud rules with OUs, see Cloud Rule Inheritance and Exemption.
Cloud rules applied to a parent OU are inherited by all descendant OUs and projects.
If you need to exempt a specific OU or project from a cloud rule you have applied, you can submit a cloud rule exemption request. For more information see, Requesting Cloud Rule Exemptions.