Security Group Tips

Refer to the following tips when creating and editing security groups:

Users cannot be assigned to more than one security group with the same module permissioned and object level permissions enabled on that module. For example, Group A has the Attachments module permissioned with object level permissions enabled while Group B has the Attachments module permissioned without object level permissions enabled. Users cannot be added to both groups. If neither group has object level permissions enabled for the Attachments module, the user can be added to both groups.
When overlaying security groups, the most restrictive permissions for each module are applied.
Use the Ignore option when the permissions for a module are defined in an opposing security group. Not checking Ignore will result in no permissions for that module.
When defining permissions for specific asset types across multiple security groups, you must check the Ignore option in the opposing security group for the specific asset type or for Assets otherwise the result will be no permissions (most restritive).
Permissions for specific asset types overrides top level Assets permissions. If top level Assets permissions is not enabled, only the specific asset types permissioned will be available.
If top level Assets permissions and object level permissions are both enabled, all assets will be available for all asset types without object level permissions enabled. For example, if top level Assets permissions is enabled and object level permissions is enabled to limit to a single location. All computers across all locations will be available. To only make assets available in a single location, disable top level Assets permissions and permission the asset types you want to be available.
Create permissions are synonomous with New, Create and Add depending on the context of the module.
Update permissions are synonomous with Edit, Link and Assign depending on the context of the module.
Delete permissions are synonomous with Delete, Unlink and Unassign depending on the context of the module.
With object level permissions enabled, creating new objects (attachments, waves, tasks and assets) adds them to the permissioned list.
Currently, only one SSO group can be mapped to a security group. Mapping multiple SSO groups to a single security group is not supported.

Tags:

Search Knowledge Base by Keyword

Introduction

ReadyWorks

Use Cases

Fundamentals

Accessing ReadyWorks

Login

User Interface

Favorites

Dashboards

Dashboard Overview

Project & Predefined

SCCM Asset

SCCM Asset Dashboard

Asset Widgets

Altiris Asset

Altiris Asset Dashboard

Asset Widgets

Attachments

Attachments

View Attachment

Reports

Reports

Available Reports

Self Service

Self Service Portal

Using the Self Service Portal

Workflow

Workflow Overview

Waves

View Wave

Wave Types

Wave Groups

Tasks

View Task

Task Types

Task Priority

Schedule

Templates

Action

T-Comm

Task Chain

Tools

Workflow Import

Assets

Assets Overview

Assets

View Asset

Lists & Status Lists

View List

Analytics

Dashboard

Reports

Tools

Asset Import

Asset Rules

Asset Rules

View Asset Rule

Rationalization

Data Generator

Event Logs

Users & Groups

Users & Groups

User Accounts

View User

Security Groups

View Security Group

Module Permissions

Roles & Permissions

Workflow

Assets

Asset Management

Functional Groups

View Functional Group

Permissions Inspector

Asset Types

Asset Types

View Asset Type

Charts & Dashboards

Charts & Dashboards