Security Group Tips

Refer to the following tips when creating and editing security groups:

Users cannot be assigned to more than one security group with the same module permissioned and object level permissions enabled on that module. For example, Group A has the Attachments module permissioned with object level permissions enabled while Group B has the Attachments module permissioned without object level permissions enabled. Users cannot be added to both groups. If neither group has object level permissions enabled for the Attachments module, the user can be added to both groups.
When overlaying security groups, the most restrictive permissions for each module are applied.
Use the Ignore option when the permissions for a module are defined in an opposing security group. Not checking Ignore will result in no permissions for that module.
When defining permissions for specific data types across multiple security groups, you must check the Ignore option in the opposing security group for the specific data type or for Data; otherwise, the result will be no permissions (most restrictive).
Permissions for specific data types overrides top level Data permissions. If top level Data permissions is not enabled, only the specific data types permissioned will be available.
If top level Data permissions and object level permissions are both enabled, all data records will be available for all data types without object level permissions enabled. For example, if top level Data permissions is enabled and object level permissions is enabled to limit to a single location. All computer records across all locations will be available. To only make data records available in a single location, disable top level Data permissions and permission the data types you want to be available.
Create permissions are synonymous with New, Create and Add depending on the context of the module.
Update permissions are synonymous with Edit, Link and Assign depending on the context of the module.
Delete permissions are synonymous with Delete, Unlink and Unassign depending on the context of the module.
With object level permissions enabled, creating new objects (attachments, waves, tasks, and data records) adds them to the permissioned list.
Currently, only one SSO group can be mapped to a security group. Mapping multiple SSO groups to a single security group is not supported.

Tags:

Search Knowledge Base by Keyword

Introduction

ReadyWorks

Use Cases

Fundamentals

Accessing ReadyWorks

Login

User Interface

Favorites

Analytics

Dashboards

Altiris Asset

Altiris Asset Dashboard

Asset Widgets

Dashboard Overview

Project & Predefined

SCCM Asset

Asset Widgets

SCCM Asset Dashboard

Reports

Available Reports

Reports

Data Quality

Dashboard

Reports

Tools

Charts & Dashboards

Chart Colors

Chart Examples

Charts

Charts & Dashboards

Dashboards

View Chart

Reports Configuration

Report Builder Examples

Reports Configuration

Orchestration

Orchestration Overview

Waves

Waves

View Wave

Wave Types

Wave Groups

Tasks

Tasks

View Task

Task Types

Task Priority

Rules

Rules

View Rule

Tools

Action Buttons

Action Button Examples

Action Buttons

Form Builder

User Experience

User Experience Portal

Using the User Experience Portal

T-Comm On Demand

Templates

Data

Data Overview

Data

Primary Data

View Primary Data

Secondary Data

View Secondary Data

Tools

Attachments

Attachments

View Attachment

Rationalization

Data Generator

Integration

Data Mapping

Mappings

Mapping Variables

ETL

ETL Overview