Security Groups

NOTE: Only a user with administration permissions can access this page.

Getting There: In the Navigation Pane, clicktap Security Groups under Settings. If the menu is hidden, clicktap The Settings icon..

If you have a large number of users in Insite, you may find it useful to put them in groups. Security groups allow you to place your users in a container and assign them permissions (or remove permissions) at the top level, rather than at a user level.

Security groups also minimize the number of roles you need to assign a user directly. This is helpful if you only want to give users permissions they actually need (such as giving accountants the Accounting Users role or Robot Schedule engineers the Robot Schedule Engineers role). Instead of assigning three roles to a user (Accounting Users, Accounting Supervisors, and Accounting Managers), you could create three different security groups (ACCOUNTING, ACCOUNTING SUPERVISORS, ACCOUNTING MANAGERS) and assign users to them. When they no longer need the roles attached to the security group, you can remove them from the group.

A note on LDAP authentication

If you use LDAP authentication, you can use an LDAP Group distinguished name* in your security groups that will automatically assign certain users to the group when they first log on (see Adding a Security Group for instructions). These users are determined by the information in the distinguished name, such as a matching CN name. Once the users are added, they are given the permissions of whatever roles are assigned to the security group with minimum management from the administrator. (LDAP permissions can be nested if a user is part of multiple security groups.)

NOTE: *Distinguished names are sequences of relative distinguished names (attributes with associated values) connected by commas. For example, CN=Accounting_0,CN=Accounting,CN=aTestLocation,CN=Users,DC=company,DC=net is a distinguished name. See Microsoft's documentation on Distinguished Names for more details.

Ways to Use Security Groups

There are a few ways you can use security groups.

1. As a way to organize your users

Security groups can be used as organizational tools. You can add users and roles, and any changes made to the groups or roles attached to them will trickle down to the users. This ensures that the work you do with individual users (after they are created or pre-registered, see Adding a User) is minimal.

EXAMPLE: You create an ACCOUNTING security group and add fifteen users to it (if you have LDAP authentication set up, users in the Accounting department could even be automatically assigned to this group when they first log on to Insite). Then, you add an Accounting Users role to the security group so that every user in ACCOUNTING is given basic Insite permissions.

2. As a way to give a user extra permissions

You can also use security groups to give a user permissions to an area of Insite they generally don't have access to. This may be pertinent if you have a Powertech engineer who needs temporary access to an Automate Enterprise server or a WebDocs supervisor who needs to look at a Robot test system.

Users can easily be added to or removed from security groups, which makes it simple to give a user permissions that are outside their normal role functions.

EXAMPLE: A Powertech Network Security engineer needs to collaborate with an Automate Ops Console engineer on a three week project. However, he's currently only added to the PTNS ENGINEERS security group and cannot access Automate Ops Console in the Insite Navigation Pane. To allow him temporary access to the Automate Enterprise production system, you either a) add him to the AUTOMATE OPS CONSOLE security group or b) create an AUTOMATE PROJECT security group that has the permissions he needs and add an Automate Ops Console Users role to it. When the project completes, you simply remove him from the security group (or delete it all together).

The Default Security Group

Insite comes with a default security group that users are assigned to if they're not automatically assigned to a group or role. The Default security group cannot be deleted and has no basic authorities out of the box. If you want to add authorities to the default security group, you can do so by adding roles.

The Default security group should only be used to catch users who are not given a group or role when they first log on to Insite. We don't recommend using it to give users authorities long term. Please note, too, that if you assign another security group or role to the user, the default security group will be automatically removed next time they log on.

Managing Security Groups

ClickTap a link to learn how to add, edit, or delete security groups:

Adding a Security Group

Editing a Security Group

Deleting a Security Group

 

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.
1.17 | 201711131037