Create/Maintain Groups and Assign Privileges
Privileges as well as Permissions assigned to a Group are inherited by all Group members. Privileges govern whether or not a user can use certain features and/or and set selected Preferences. While Privileges determine what functionality is available to a user, they do not control which elements a user can view. Permissions are used to grant access to specific Elements and measurement data. Privileges control access to Elements, Dimensions and other system components. See Overview of Security Levels for how Groups and Users are related.
The "Default Group" is the only Group that is created automatically when Metric Insights is first installed and, by default, all Users are assigned to this group when their account is created unless otherwise specified. The "Default Group's" settings represent the baseline access level that is provided to all users.
There is also a special type of group called an "All Access Group" that provides its members with full access to view all elements in Metric Insights. You set this option using the check box on either the User or the Group Editors
Administrators do not need to be assigned to any groups; assigning them a group only functions to allow them access to the Shared Favorites. A Users may belong one Group or multiple Groups. When assigned to multiple Groups, users inherit Privileges and Permissions from every Group of which they are members.
This article covers creating or maintaining a Group as well as assigning Privileges. See also:
2. Access Admin > Groups
From the Groups table you can either:
- Click the Name link to open an existing Group to maintain its settings or add Permissions and/or Privileges
- Add a New Group
3. Create a New Group
- A unique Name is required for this Group
- Optional. All Access Group?: Change default "no" to "yes" if you want this group to have full access to all available Elements, Dimensions, Dimension Values, and Categories. You can maintain specific Privileges, Shared Favorites, Event Calendars and Targets.
- Optional. LDAP Org. Unit: Only complete if your organization uses Single Sign-on; identify the LDAP connection that this Group will use. Should be the fully qualified DN, for example:
NOTE: To learn more about managing users/groups via LDAP, refer to Script for synchronizing/creating users with LDAP
- External Group ID: Purely informational field
Save to access the full Group Editor
4. Assign Group Privileges
- Click [+ Privilege to Group]
- In the opened pop-up check the rows with the privileges you would like to assign to this Group.
- Save new settings.
5. Add Group Members
- using an input (CSV) file
5.1. Manually add users
6. Assign the Group access to various other fields using associated tabs
These sections all follow a similar format and are very straight forward. All of these fields are optional