What is the Difference Between Containers and Departments?
Business Service Containers are designed to create logical views grouping devices, tests, or other containers together. Containers have no bearing on security, and cannot be used to design a user model or security schema. The containers are created within a department or admin group (more on these below), and are visible to all users within that department/admin group. You cannot assign users to specific containers or vice versa. It is best to simply bear in mind that containers are purely for containing other objects in a grouping.
Departments are designed as the base level of security constraints in Traverse. Every test in Traverse belongs to a device, and every device in turn belongs to a department. End users (such as the default "zyrion" user) also belong to a department. Departments are the basic building block of security; end users are assigned to a specific department and are unable to see devices/objects outside their department. In fact, the end users are effectively unaware that any other departments actually exist, since they cannot see the other departments, devices, tests, users etc.
The department is assigned a user class, which determines the permissions for users in that department (create, read, update, or delete devices, tests, containers, actions). Each user can individually also be set as Read-Only, which overrides the user-class settings (Read-Write just applies the user class permissions). If there is a need to design a system that specifies users have access only to certain devices, then departments are the correct tool for that purpose.