Managing Security Group Functional Rights

Security permissions can be defined by roles, which allow staff to have the appropriate rights only while acting in a specific role associated with a work object.

Security permissions can also be defined by security groups to which the staff is assigned, which allow staff to have rights to the work object regardless of their role.

Note: If all child functions within a parent are set to the same value (Undefined, Grant, or Never Allow), the parent function is automatically changed to that same selection.

To update group functional rights, do the following:

1. Open Dashboard, click Application Links on the navigation panel, and then click Security groups under Security.
2. Do one of the following:
3. Add a security group.
4. Click New in the Create group on the Home tab, or right-click the grid and select New > Security Group from the menu to create a security group.
5. Copy an existing security group.
6. Do one of the following to create a security group with settings from an existing group:
   • Select an item in the grid and click Copy in the Create group on the Home tab.
   • Right-click an item in the grid and select Copy from the menu.
7. The security group profile displays with all information from the originating security group, except for the name and description.

Note: Only the organizational units that you have rights to create security groups for are copied to the new group.

8. Edit an existing security group.
9. Do one of the following to display the security group profile for review or editing purposes:
   • Select a group in the grid and click Open in the Edit group on the Home tab.
   • Right-click an item in the grid and select an option from the Open sub-menu.
3. Click Functional rights on the navigation panel.
4. Select the appropriate option for each product in the grid.

The functional right assignment can be one of the following:

• Undefined. Access is not yet assigned.
• Granted. Access is allowed.
• Never allow. Restricts all access, including any inherited access. This keeps the users assigned to the security group from performing the function even when the same users are members of another security group or assigned a role that has been granted the same permission.

Explain the components of the window.

Component	Description
{name of work product}	A tab with the name of each product licensed by the firm displays in the grid. When a tab is selected, the list area in each column refreshes to show the rights for the selected tab.
Module/Function Description	This column includes the names of the modules and their functions for the selected product. For some product modules, the functions are broken down into multiple levels of subordinate functions. For example, Staff Manager and Client Manager will allow Security to be defined all the way down to the field level. For information on each function, see Security Group Functional Rights Explained.
Add	This column is used to specify whether the staff inheriting the rights of the role will be able to add a record for the selected function such as adding a staff profile. Note: Selecting Grant for the Add column also displays this value in the Edit/Perform and View columns and cannot be edited, unless those columns previously had a value of N/A.
Edit/Perform	This column is used to specify whether the staff inheriting the rights of the role will be able to edit a record or perform a function. Note: Selecting Grant for the Edit/Perform column also displays this value in the View column and cannot be edited.
View	This column is used to specify whether the staff inheriting the rights of the role will be able to view the data as specified by the function description. For example, the right to view client profiles. Note: Selecting Grant for the Add or Edit/Perform columns also displays this value in the View column and cannot be edited.
Delete	This column is used to specify whether the staff inheriting the rights of the role will be able to delete the data as specified by the function description. For example, the right to delete client profiles.
Role-related	This column displays a check mark for any rights that should be given to staff only when they are acting in roles rather than in the security groups.
Grant All	When selected, all rights in the selected product are changed to Grant.
Clear All	When selected, all rights in the selected product are changed to N/A.

5. Click one of the Save buttons or Cancel.

Button	Description
Save	Saves the changes and the window stays open for editing. An error message displays if you click this button before entering all required information.
Save & New	Saves the changes and opens a new window to create a new entry. An error message displays if you click this button before entering all required information.
Save & Close	Saves the changes and exits the window. An error message displays if you click this button before entering all required information.
Cancel	Exits the window without saving your changes.