Search Knowledge Base by Keyword

Security Group Tips

< Back

Refer to the following tips when creating and editing security groups:

  • Users cannot be assigned to more than one security group with the same module permissioned and object level permissions enabled on that module. For example, Group A has the Attachments module permissioned with object level permissions enabled while Group B has the Attachments module permissioned without object level permissions enabled. Users cannot be added to both groups. If neither group has object level permissions enabled for the Attachments module, the user can be added to both groups.
  • When overlaying security groups, the most restrictive permissions for each module are applied.
  • Use the Ignore option when the permissions for a module are defined in an opposing security group. Not checking Ignore will result in no permissions for that module.
  • When defining permissions for specific data types across multiple security groups, you must check the Ignore option in the opposing security group for the specific data type or for Data; otherwise, the result will be no permissions (most restrictive).
  • Permissions for specific data types overrides top level Data permissions. If top level Data permissions is not enabled, only the specific data types permissioned will be available.
  • If top level Data permissions and object level permissions are both enabled, all data records will be available for all data types without object level permissions enabled. For example, if top level Data permissions is enabled and object level permissions is enabled to limit to a single location. All computer records across all locations will be available. To only make data records available in a single location, disable top level Data permissions and permission the data types you want to be available.
  • Create permissions are synonymous with New, Create and Add depending on the context of the module.
  • Update permissions are synonymous with Edit, Link and Assign depending on the context of the module.
  • Delete permissions are synonymous with Delete, Unlink and Unassign depending on the context of the module.
  • With object level permissions enabled, creating new objects (attachments, waves, tasks, and data records) adds them to the permissioned list.
  • Currently, only one SSO group can be mapped to a security group. Mapping multiple SSO groups to a single security group is not supported.