Note: This feature requires Security Group Admin permissions to use. Learn more about checking permissions here.
Roles and permissions are a pivotal part of Obzervr, showing users only what they need to see and have access to.
Security Groups are an improved way to group permissions based on your common Obzervr user profiles so that Admins can easily bulk manage user access to the various parts of Obzervr.
Table of Contents
- How it Works
- Security Groups for Organisation Limitations
- What's Next?
How it works
There are a couple of steps to get Security Groups up and running. It’s pretty simple, but here is a summarised list:
- Security Group roles and permissions - who is allowed to create, grant and revoke access to a Security Groups? Admins should be given the Security Group Admin or Read access.
- Create Security Groups - before you can add Users to your Security Group, you need to create the group and define the permissions that you want the Security Group to have access to.
- Add Users to a Security Group - once you have created a Security Group, you will be able to add Users to the group. You can add more than one at a time.
- Check the Security Groups a User is added to - wondering what permissions a User has and what Security Groups they’re in?
1. How to check and update Security Group access
To create and add Security Groups as described in the next sections, you will need Security Groups Admin access. However, if you just want to check the Security Groups a user is added to, you will only need Security Groups Reader permission.
But what does the Security Groups Admin and Read role allow you to do?
|Role||What it does|
|Security Groups Admin||You will be able to view the Security Groups page, add new Security Groups, grant and revoke access for Users in the Security Group.|
|Security Groups Read||You will be able to view the Security Groups page, but you will NOT be able to add new Security Groups, grant and revoke access for Users in the Security Group.|
Click through the steps below to understand how to allocate Security Group Admin and Read access. If you are an Organisation Admin or a Tenant Admin, you should automatically be allocated these permissions.
2. Create a Security Group
Watch the quick video below to see a runthrough of the steps to create a Security Group or walkthrough the steps in more detail below.
Click through the steps below to learn how to create a Security Group.
3. How to add Users to Security Group
You can add multiple users at a time to a Security Group. Note that a user can also be in multiple Security Groups. If you have a user in multiple tenants, you will need to add the user to the Security Group in each tenant.
Click through to see how to add users to a Security Group.
4. How to see what Security Groups a User is in
You should be able to see the Security Groups columns in the Roles page of the User.
Then, you can see the Roles a User has due to their Security Group and to see what Security Groups the user is in, you can hover over the Security Group role.
Click through the steps below to see what Security Groups a user is in.
Organisation level Security Groups Limitations
The purpose behind Security Groups is to reduce the administrative work to add permissions to users. At the moment, Security Groups is only supported at the Tenant level and not at the Organisation level.
When creating a Security Group, you might notice there is a 'Distinguished Name' field.
Distinguished Name is going to be important for Organisation-level Security Groups.
The idea is for Organisation-level Security Groups to sync from company directory systems like Azure AD. This will require the Distinguished Name to be unique across the whole company, while the Name can be duplicated. For example, each site for a company might have a 'Planners' group, and its name would be 'Planners' in each Tenant. For the sync from Azure AD, there would only be one Azure AD, so the distinguished name would need to make these duplicated Planner groups unique.
Security Groups is also the first step in a roadmap of a new 'group' level permissions model. The next step in this Group level permissions model is to allow Admins to control the access to Templates in Obzervr. This permissions model will be called Template Groups.
Template Groups allows Administrators to decide who can and can’t edit Work Templates and Fragment Templates in Obzervr Manager. This prevents users from updating key templates that are utilised for integration or compliance. It also allows users to see templates for their work group or site, without having to sift through everyone else’s.
To read more about Template Groups, see How to setup Template Groups here.