Inherit AD-Groups from Org that is connected to department

How is the org connected to the department? There is no inheritance if you have used the foreign key Org.UID_Department to connect the business role and the department.

But you can use this information to create a dynamic role that assigns all department members to the business role.

Hi Markus,

thank you for that answer.

Correct: The org is connected via org.uid_department with the department.

Dynamic roles would be an option with the downside that AD-Groups wouldn't be inherited instantly, but hourly (depending on the schedule).

Aren't there other options?

I could tie the AD-Groups directly to the departments. This would result in instant calculations for the inheritance when persons enter or leave departments. But then i would miss the possibility to block inheritance selectivley. Blocking inheritance at one department would block all ad-groups from being inherited. This is not what we want. Some AD-Groups should be inherited top-down, others may not be inherited top-down.

There is no other OOTB way of doing this as far as I see.

What you can do - if you are using scheduled dynamic groups only (there will be more fine grained options in 8.2 in regards to dynamic groups) - either select a shorter schedule for the dynamic groups in question or create a process chain that adds the department members users instantaneously to the org.

There is no other OOTB way of doing this as far as I see.

What you can do - if you are using scheduled dynamic groups only (there will be more fine grained options in 8.2 in regards to dynamic groups) - either select a shorter schedule for the dynamic groups in question or create a process chain that adds the department members users instantaneously to the org.