An organizational view is a hierarchical grouping of resources (as organizational groups) that reflects a real-world structure, or "view", of your organization. For example, you may create organizational views to group your resources by geographical location, or by department, or by network structure. As in the real world, a resource may (but is not required to) appear once only in an organizational view.
Organizational views provide a secure means of segregating your resources into well structured and manageable units. Each organizational view contains one or more organizational groups, each of which may contain resources and child organizational groups. The membership of an organizational group includes the resources that are contained in all of its child groups. An organizational view cannot contain any resources directly - all resources must be contained in organizational groups. You can use organizational views and groups to model a wide variety of organizational requirements. You can secure your organizational views using the familiar NT security inheritance model that is used throughout the Symantec Management Platform.
When you assign security roles and permissions to your organizational views and groups, you give each security role its own unique view, or "scope", of the available resources. The security role determines which resources its members can access, and what actions they can perform on those resources. A user can see any organizational view or group on which they have permissions, and have those permissions on all resources that are contained in the group. If permission inheritance is enabled, they also have the same permissions on all sub-groups. If a user does not have permission on an organizational view, they can still see it if they have permission on one or more of its organizational groups.
You can use organizational views and groups within targets when you want to apply a policy or task to selected computers, users, or resources. The organizational view or group is used in the same way as a filter, but provides the security that is required to ensure that only the resources to which the target owner has permission are included.