Search Knowledge Base by Keyword

Security Group Tips

< Back

Refer to the following tips when creating and editing security groups:

  • Users cannot be assigned to more than one security group with the same module permissioned and object level permissions enabled on that module. For example, Group A has the Attachments module permissioned with object level permissions enabled while Group B has the Attachments module permissioned without object level permissions enabled. Users cannot be added to both groups. If neither group has object level permissions enabled for the Attachments module, the user can be added to both groups.
  • When overlaying security groups, the most restrictive permissions for each module are applied.
  • Use the Ignore option when the permissions for a module are defined in an opposing security group. Not checking Ignore will result in no permissions for that module.
  • When defining permissions for specific asset types across multiple security groups, you must check the Ignore option in the opposing security group for the specific asset type or for Assets otherwise the result will be no permissions (most restritive).
  • Permissions for specific asset types overrides top level Assets permissions. If top level Assets permissions is not enabled, only the specific asset types permissioned will be available.
  • If top level Assets permissions and object level permissions are both enabled, all assets will be available for all asset types without object level permissions enabled.  For example, if top level Assets permissions is enabled and object level permissions is enabled to limit to a single location. All computers across all locations will be available.  To only make assets available in a single location, disable top level Assets permissions and permission the asset types you want to be available.
  • Create permissions are synonomous with New, Create and Add depending on the context of the module.
  • Update permissions are synonomous with Edit, Link and Assign depending on the context of the module.
  • Delete permissions are synonomous with Delete, Unlink and Unassign depending on the context of the module.
  • With object level permissions enabled, creating new objects (attachments, waves, tasks and assets) adds them to the permissioned list.
  • Currently, only one SSO group can be mapped to a security group. Mapping multiple SSO groups to a single security group is not supported.