Nodes and Organizational Structure
Nodes are a way to organize your users into distinct groupings, similarly to organizational units in Active Directory. The administrator can create nodes based on location, department, division or any other structure. By default, the top-level node, or Root Node is set to the organization name, and all Nodes can be created underneath.
Smaller organizations might choose to administer keeper as single level, meaning no additional nodes are created by the Keeper Administrator. In this scenario, all provisioned users, roles, and teams are accessed from the default Root Node. The advantage to this configuration is there is no additional navigation required to find objects as they are listed under the default root level and easily accessed by navigating to the appropriate tab (user, role, teams). Larger organizations may find benefit in organizing locations or departments into multiple nodes. Users can then be provisioned under their perspective node and have roles configured to match the specific needs of the business. One of the advantages in defining nodes is help support the concept of delegated administration. A delegated administrator can be granted some or all of the Administrative permissions but only on their perspective node (or sub nodes) to help reduce the administration load on the primary Keeper Administrators. When the Keeper Bridge is installed for Active Directory synchronization, AD Organizational Units are identified as Nodes. Users and security groups within specific organizational units in Active Directory will be placed in the corresponding Node in the Keeper Admin Console.
To manually create Nodes and Sub Nodes, select the + button. The Add Node window will appear. Type the name of the Node in the Name field and select the node where you want the new node to be added in the tree structure.
At any time, you can change which node you are viewing by navigating to or selecting the nodes on far left Node pane. To navigate to the root-node or top level, select on the business name (e.g. The Company) in the navigation tree or in the breadcrumb along the top.
Teams are only visible by users in the tree path above ("parent") and below ("child") the node structure that the team is contained in, not via adjacent ("sibling") nodes. To make a team that everyone can see and share to, we recommend setting up your teams in the Root Node or a node at a higher level above the sub-nodes which will be visible to everyone. The visibility of users and teams is important in regards to Shared Folders.
Within a Node, the "Role" is defined that can enable administrative permissions.
If nodes are enabled either via Active Directory integration or configured manually from the Admin Console, the placement of the Role within the Node Tree is important with regards to where the administration permissions begin. Placement of the role at the top level will allow the Admin permissions to flow down to any of the sub-nodes if the Cascade Node Permissions attribute is checked within the "Administrative Permissions" setting of the role. If the role is placed in a sub-node with the Cascade Node Permissions attribute checked then the permissions apply to that node and its sub-nodes only. If the Cascade Node Permissions attribute was not checked then the role permissions is only applied the the specific node to which the role belongs.
