Managing User Permissions on an OU


Managing User Permissions on an OU

In addition to mapping global permissions, you can map users and user groups to permission roles for individual OUs. Managing user permissions by OU offers high specificity when managing access.

Managing permissions this way only grants permissions for the OU you are currently editing. Here, permissions only apply to child objects when they explicitly say "browse child" or "manage child."
If you want a user or group to have permissions that apply across your organization, you can use global permissions mapping. For more information, see Global Permission Roles.

To manage user permissions on a single OU:

  1. Navigate to OUs > All OUs.
  2. Click the OU you would like to edit.
  3. Select the Users tab.
  4. Click Manage User Permissions.
  5. Select users and user groups to add to the available permission roles. For more information about permission roles and permission types, see Getting Started with Permissions
  6. Click Save.


The Manage User Permissions screen allows you to change the user and user groups assigned to each role for this OU. To change the permissions for a role, see Edit a Permission Scheme. To set a different permission scheme for an OU, edit the OU. For more information, see Managing OUs.

Tracking User Permissions

Users can be granted permissions at various origin points. You can learn where each user was granted their permissions using the permissions explorer, which allows you to view origins by user or by permission.

To view user permission origins:

  1. Navigate to OUs > All OUs.
  2. Click the OU you would like to view.
  3. Select the Permissions tab.
  4. Select a user, permission, and role to see the permission's origin. You can alternatively click the By Permission tab to select a permission, user, and role to see its origin.