Search Knowledge Base by Keyword
-
Introduction
-
Fundamentals
-
Favorites
-
Analytics
-
-
-
-
- Available Reports
- All Asset Types
- Application Certification Status
- Application Discovery
- Application Group Analysis
- App Group to SCCM Collection Analysis
- Application Install Count
- Application License Management
- Application Usage
- Asset Column Mappings
- Asset Count by Property
- Asset Links Count by Asset Type
- Build Sheet
- Computer User Assignment
- Delegate Relationships
- ETL Synch Data
- ETL5 Staging Data
- Migration Readiness (Basic)
- Migration Readiness (Complex)
- O365 License Management
- O365 Migration Readiness
- Patch Summary
- SCCM OSD Status
- Scheduled Computers by Wave
- Scheduled Users by Manager
- User Migration Readiness
- VIP Users
- Wave & Task Details
- Wave Group
- Windows 10 Applications
- Show all articles ( 15 ) Collapse Articles
-
-
-
-
-
Orchestration
-
Data
-
-
- View Asset
- Asset Properties
- Images
- Notes
- Waves
- Tasks
- Attachments
- History
- Rationalization
- QR Code
- Linked Assets
- SCCM Add/Remove Programs
- Altiris Add/Remove Programs
- Related Assets
- Relationship Chart
- Permissions
- Show all articles ( 1 ) Collapse Articles
-
Integration
-
-
-
- View Connection
- Connection Properties
- Make Into Connector
- Delete Connection
- Inbound Jobs
- Outbound Jobs
- New Inbound Job
- New Outbound Job
- Enable Job
- Disable Job
- Edit Inbound Job
- Edit Outbound Job
- Upload File
- Run Inbound Job
- Run Outbound Job
- Set Runtime to Now
- Reset Job
- Delete Job
- Job Log
- Show all articles ( 4 ) Collapse Articles
-
-
- View Connector
- Connector Properties
- Authentication Methods
- New Authentication Method
- Edit Authentication Method
- Delete Authentication Method
- Fields
- Edit Field
- Inbound Job Fields
- Edit Inbound Job Field
- Inbound Job Templates
- New Inbound Job Template
- Edit Inbound Job Template
- Delete Inbound Job Template
- Outbound Job Fields
- Edit Outbound Job Field
- Outbound Job Templates
- New Outbound Job Template
- Edit Outbound Job Template
- Delete Outbound Job Template
- Show all articles ( 5 ) Collapse Articles
-
-
- ETL5 Connectors
- Absolute
- Azure Active Directory
- Comma-Separated Values (CSV) File
- Generic Rest JSON API
- Generic Rest XML API
- Ivanti (Landesk)
- JAMF
- JSON Data (JSON) File
- MariaDB
- Microsoft Endpoint Manager: Configuration Manager
- Microsoft SQL
- Microsoft Intune
- Oracle MySQL
- PostgreSQL
- Pure Storage
- ServiceNow
- Tanium
- XML Data (XML) File
- Show all articles ( 4 ) Collapse Articles
-
Admin
-
-
-
- Modules
- Analytics
- Asset Images
- Asset Rationalization
- Asset Rules
- Attachments
- Bulk Edit
- Data Generator
- Data Mapping
- ETL
- Form Builder
- Multi-Factor Authentication
- Relationship Chart
- Reports
- Self Service
- Single Sign-On
- T-Comm
- Show all articles ( 3 ) Collapse Articles
-
-
API & Stored Procedures
-
Administration
-
FAQs
Security Group Tips
< Back
Refer to the following tips when creating and editing security groups:
- Users cannot be assigned to more than one security group with the same module permissioned and object level permissions enabled on that module. For example, Group A has the Attachments module permissioned with object level permissions enabled while Group B has the Attachments module permissioned without object level permissions enabled. Users cannot be added to both groups. If neither group has object level permissions enabled for the Attachments module, the user can be added to both groups.
- When overlaying security groups, the most restrictive permissions for each module are applied.
- Use the Ignore option when the permissions for a module are defined in an opposing security group. Not checking Ignore will result in no permissions for that module.
- When defining permissions for specific data types across multiple security groups, you must check the Ignore option in the opposing security group for the specific data type or for Data; otherwise, the result will be no permissions (most restrictive).
- Permissions for specific data types overrides top level Data permissions. If top level Data permissions is not enabled, only the specific data types permissioned will be available.
- If top level Data permissions and object level permissions are both enabled, all data records will be available for all data types without object level permissions enabled. For example, if top level Data permissions is enabled and object level permissions is enabled to limit to a single location. All computer records across all locations will be available. To only make data records available in a single location, disable top level Data permissions and permission the data types you want to be available.
- Create permissions are synonymous with New, Create and Add depending on the context of the module.
- Update permissions are synonymous with Edit, Link and Assign depending on the context of the module.
- Delete permissions are synonymous with Delete, Unlink and Unassign depending on the context of the module.
- With object level permissions enabled, creating new objects (attachments, waves, tasks, and data records) adds them to the permissioned list.
- Currently, only one SSO group can be mapped to a security group. Mapping multiple SSO groups to a single security group is not supported.