Map the organizational structure
5 minute read
Overview
In order to achieve optimal results with Docusnap365, the necessary organizational structure must be defined for the respective requirements. Depending on the intended use and scenario, different options come into consideration here. In the context of this concept, three different scenarios for the use of Docusnap365 are considered.
The concept includes the use of Docusnap365 as:
- Group of companies
- and provider / IT service provider
- The organizational structure should be carefully planned, since in some points a later change is no longer possible or only with considerable effort.
Die Organisationsstruktur sollte sorgfältig geplant werden, da in einigen Punkten eine spätere Änderung nicht mehr oder nur mit erheblichem Aufwand möglich ist.
Basics
Within Docusnap365, various data structures and technologies exist with which organizations can be mapped. A basic understanding of these mechanisms is necessary to be able to implement the requirements optimally.
Contract
The basis for using Docusnap365 is an active contract, which is created when a subscription is taken out. An isolated infrastructure is provided for each Docusnap365 contract, i.e. a contract also represents an authorization and data boundary. A contract is responsible for the legal and financial management of a Docusnap365 environment. Services, terms, and payment methods can be customized through the contract. Users with different roles (billing reader, owner, reader) can be individually authorized on a contract.
Isolated infrastructure - data storage and vault An isolated infrastructure is created per contract, which consists of a personal data store (discovery data, documentation, plans, etc.) and a vault, for storing passwords.
Isolated infrastructure - data storage and vault
An isolated infrastructure is created per contract, which consists of a personal data store (discovery data, documentation, plans, etc.) and a vault, for storing passwords.
User
A user at Docusnap365 is unique across all contracts worldwide and independent of companies and organizations. The user’s email address is used as the login name and also ensures uniqueness. Each user can be authorized to any number of Docusnap365 contracts and thus also have access to content data, among other things. Within the software, it is possible to switch between the different contracts via a menu item without having to re-authenticate.
Basic data
In Docusnap365, inventoried objects can be logically subdivided with so-called basic data. The following types are available as basic data:
- Organizations (company A, business unit B, …)
- Domains (test.com, …)
- Platforms (SaaS, OnPremises, Hybrid, …)
- Sites (Munich, Berlin, …)
Only one value can be stored for each type and object, as an object cannot be located at two sites at the same time, for example.
In addition to the basic data, any tags can also be assigned per object.
Using the global filters functionality, the view within Docusnap365 on the discovery data can be filtered by basic data and tags. Applied filters have an effect on all lists, displays, plans and reports. Thus, with this functionality it is possible, for example, to perform evaluations only for the Munich site.
Restrictions
Evaluations across contracts
Evaluations across multiple contracts are not possible in Docusnap365. Each contract has its own data store and these cannot be evaluated across contracts in Docusnap365. For example, reports or plans cannot consist of data from different contracts. However, if evaluations are to take place across contract boundaries, the data can be exported to an external database using the Docusnap365 API and thus merged. The evaluation must then be carried out with your own evaluation tools, without Docusnap. This method is only recommended for simple evaluations.
Cross-contract view
A user can switch between the individual contracts to which they are entitled in Docusnap365. It is not possible to cross-view data from multiple contracts in Docusnap365.
Authorizations at contract level
Permissions are granted exclusively at contract level - full access and read-only. No specific authorizations can be assigned to content data (objects) within the contracts. If groups of people are not to be given access to certain data, then this data must be distributed across several contracts.
Separation of data
The content data contained in a contract cannot be separated or split to other contracts. For example, if a company division is split off, the IT discovery data for that division can be deleted from the old contract but cannot be exported to a new contract. In this case, the discovery must be rebuilt for the new company.
Application scenarios
Sole proprietorship
Single companies usually have a central IT organization and therefore do not require separation of data. In this case, the use of a single contract is recommended, as authorization considerations do not play a role here.
If the information needs to be separated for specific views (e.g. project teams), this can be done based on basic information, tags and global filters.
If access to the discovery data is required by external persons (e.g. external service providers), they can simply be authorized for the contract.
Group of companies
When there are several companies in a group, the central question is whether the IT organization is centralized or decentralized.
Central IT organization
For a central IT, the use of a common contract is recommended. This ensures that all discovery data can be viewed and edited for central planning and control. The common discovery data can be logically subdivided using basic data and tags. For example, devices and users can be assigned to organizations and sites. Specific evaluations can be performed by using global filters.
Decentralized IT organization
In this case, the separation of discovery data into several contracts is recommended, unless it is important to perform common evaluations despite the decentralized IT. Only by separating into several contracts can access to the data be restricted to specific company units or persons. The disadvantage of this is the loss of overarching evaluation options.
IT service provider / provider
An IT service provider is recommended to use one contract per customer. This ensures strict data separation between customers. Because of the data separation, customers can also be authorized on their contracts and thus gain access to the data. Employees of IT service providers can be authorized to the various customer contracts and thus gain access to the required data. Furthermore, if the customer relationship is terminated, the customer’s discovery data can be deleted without much effort.