[midPoint] Delegated administration

[Pertti Kellomäki]

Hi,

I am reading up on delegated administration. We have a setup where there 
are a large number of independent organizations, and the organizations 
should be able to most of their administration by themselves.

Am I correct in assuming that the orgRelation mechanism described in the 
Authorization Configuration wiki page would be the preferred way to 
implement it? So have a single OrganizationManager role in midPoint, and 
let the orgRelation determine whether the authorization is valid for any 
particular organization.

Thanks, Pertti