Root Organization

The Root Organization was introduced in IQ Server version 1.18. Your installation of the IQ Server may be affected depending on its version:

  • If your original installation is version 1.18 or later, then the Root Organization is already part of your IQ Server system hierarchy. You can skip this section of the documentation.
  • If you upgraded from version 1.17 (or earlier) to version 1.18 (or later), then you need to create the Root Organization by following the instructions here.
    • Upon upgrading to version 98, unless already created and configured, the system hierarchy will automatically be migrated to have a Root Organization with no policies defined. If you have not yet migrated and wish to use policies from an existing organization at the Root Organization level, you need to do this before upgrading. 

The Root Organization is a new entity at the top of the system hierarchy that allows you to set policy globally across all organizations and applications. Creating the Root Organization is a one time process, and occurs when the IQ Server is restarted. The process makes a permanent change to the system hierarchy that cannot be undone. For this reason, it is strongly recommended that you backup the IQ Server before you create the Root Organization. For information on backing up the IQ Server, see Backing Up the IQ Server in the IQ Server Setup chapter.

Configuring the Root Organization

The next step in the creation process is deciding how to configure the Root Organization. You have two choices:

  • Choose an existing organization to act as a template for the Root Organization, which is configured with all of the policies and policy elements that you want to move to the Root Organization.
  • Choose to create an empty Root Organization to which you can later add policy. To help you decide between the two, each is described in more detail below.

Using a Template Organization

Using a template organization enables you to take the configuration of an existing organization and move it to the Root Organization. The policy elements to be moved include all policies, component labels, license threat groups, application categories, and policy monitoring, but not security settings.

When the Root Organization is created, the policy elements in the template organization are compared by name to policy elements throughout the IQ Server hierarchy. Only names are compared, not attributes like constraints, notifications, or applied licenses. When a match is found, all references to the that policy element are changed to refer to the template organization policy element and the match is deleted. The policy element is now inherited from the Root Organization rather than its original organization.

Using a template organization saves you time and effort in configuring the Root Organization, especially if you have many policy elements that you want to use globally throughout your system hierarchy. For this reason, it is the recommended method for configuring the Root Organization.

Creating an Empty Root Organization

If you choose to create an empty Root Organization, it will be blank like any other newly created organization; it will have no policies, component labels, license threat groups, or application categories. You can certainly add policy later to the Root Organization. However, if you want to move a policy element from an existing organization, then the migration process is a manual task. It involves renaming elements and switching between organizations multiple times, which can take time and effort.

Creating the Root Organization

Only users assigned to the Policy Administrator role can initiate the Root Organization creation process. Once the Root Organization is created, its security permissions behave the same as with any other organization. For more information about security, see the Security Administration chapter.

To Create the Root Organization:

  1. Go to the Root Organization banner that appears below the IQ Server toolbar and click the Get Started button.
  2. Select how you want to configure the Root Organization and click Continue. Choosing an existing organization to act as a template for the Root Organization configuration is strongly recommended.
  3. Restart the IQ Server to complete the Root Organization creation process.

When the IQ Server is restarted, the Root Organization is created. The IQ Server hierarchy is permanently changed; the Root Organization is at the top, followed by organizations, then applications.

Viewing the Root Organization

When you launch the IQ Server for the first time, it has no organizations or applications except for the root organization. The root organization is always present and cannot be deleted. To view the root organization, click the Organization & Policies icon  on the IQ Server toolbar. The root organization appears in the sidebar.

You may also see Repositories in the sidebar of the Organization & Policies area. If you are a Nexus Repository Manager customer who has enabled the Audit and Quarantine features, you can use Repositories to set security for repository evaluation results.

The root organization allows you to set policy (rules) that are inherited globally by all organizations. This includes policy management features like policies, labels, license threat groups, application categories, and security, all of which are discussed in later chapters (see Basic Policy Management and Advanced Policy Management).

If you have permissions, you can change the name and icon attributes of the root organization:

  1. Click the Organization & Policies icon  on the IQ Server toolbar.
  2. Click the Root Organization icon  in the sidebar.
  3. Go to the Actions menu and click Edit Org Name / Icon.
  4. In the Edit Organization dialog, set the following attributes:
    1. Organization Name - Enter a name into the text box.
    2. Icon - Select from three options:
      1. Default - Uses the default image.
      2. Upload a custom icon - Click the Upload Icon Image button to navigate to an image file in PNG format and click Open. The image should be sized to 160 x 160 pixels. Images with different sizes will be scaled.
      3. Get a robot - Click the Get Another Robot button to cycle randomly through a variety of robot images.
  5. Click the Update button.