The application Manage Authorization Groups allows you to:
- Create and Manage Group of users
- Populate the groups with explicit or calculated members
- Set expiration dates for the memberships
- Set Responsibles and Delegates for the management of the group
Access the application
The application can be accessed from the Administration menu in the sidebar, clicking on Manage Authorization Groups.
Permissions and Figures
Conditions to access
The application will be available under one of the following conditions:
- Users manually enabled to access the application from permissions management
- Users that belong to a group that is identified as Responsible for another group
- Users that have been assigned as delegates for a group
Please note that members must have a personal code to access the application.
Definition of figures
|Responsible||A responsible of a group is authorized to modify the group, define delegates, add new memberships, manage deactivation events and define membership rules for calculated groups|
|Delegate||A delegate can manage the memberships of the group and deactivation events|
|Explicit member||An explicit member is a user that has been manually and directly assigned as member of the group|
|Calculated member||A calculated member is a user that is part of the group under the satisfaction of a membership rule. If the condition is no longer valid, the user will no longer be part of the group|
The application is provided with different tabs according to the permissions you receive. Three tabs are available on the main screen and refer to:
- Groups of which you are a Delegate
- Groups of which you are Responsible
- All Group
For each tab you will be presented with the related groups on which you are able to interact, and the following information:
|Acronym||It is a brief keyword that identifies the group through the Openstudio services|
|Name||An explicit name for the group|
|Environment||It can either be Role group, Security or Mailing list and describes the context in which the group is being used.|
|Group Type||It defines how the group members can be identified, and it can be Explicit, Calculated, or both.|
|Population||It defines if the population of the group is reserved for users registered on the system, or if external users can be included through their emails|
|Members||It returns a live counting of the members of the group|
|Provisioning||Some groups may be connected to external services by Openstudio team, for example with a provisioning with Microsoft Office services.|
Create a new group
From the main page, you can create a new group by clicking on the button Create a new Group; please note that you need to be authorized for this operation.
You will be provided with a series of required fields in order to create the group:
|Group||Acronym||A short keyword to identify the group through Openstudio services. It must be unique.|
|Group name||A friendly name to identify the scope of the group|
|Description||A more detailed explanation of the group|
|Characteristics||Environment||It can be a Role group, a Security group or a Mailing list|
|Population||It can be Internal, External or both|
|Group type||It can be Explicit, Calculated, or both.|
|LDAP||Email address||If the environment is a mailing list, a field to specify an eventual distribution list will appear.|
|Responsible Group||You can click on the Associate button to browse the list of existing groups and select one that is responsible for the newly created group. It is optional and only Role groups can be selected.|
Once all the fields are completed, and if the Acronym is unique, the button Confirm the creation of the group will be clickable.
Groups page overview
Once a group is selected, you will be provided will all the available information according to your level of authorization.
In the upper section, all the group details are provided, divided into three tabs: Base Information, Details and Membership Rules.
In the lower section, a series of tabs allow you to browse the different parts of the group: Responsibles, Delegates, Membership, Groups Responsibility and Deactivation Events.
Modify an existing group
If you want to modify an existing group, you can click on the desired group and then on the button Modify Group.
You will be provided with the same form for the group creation, but you will only be able to modify the following: Group name, Description, Responsible Group.
Once done, you can click on the button Update Group's information.
Manage the Delegates for a group
A Delegate is a member that is in charge on managing the group memberships and the eventual Deactivation events. Any user registered in the system with a personal code can be assigned as Delegate and will inherit such permissions.
Members of the group assigned as Responsibles are in charge of doing the assignments, and can remove them in the same way. Once a delegate is removed, the record will be moved in the History of Delegates
Add a new Delegate
To add a new delegate, open the group details and go to the Delegates tab. At this point, click on the Add a Delegate user button and select the user, then confirm.
Remove a Delegate
To remove an existing delegate, click on the icon next to the delegate name.
History of Delegates
Within the Delegates tab, at the end of the page, you can see the history of Delegates for the selected group.
Define a membership rule
If the group is Calculated or Explicit and Calculated, from the upper section, under the Membership rules tab, you can specify rules for the calculated users to include as members.
Add a new Membership rule
Simply click on the button Add Membership Rule to get prompted with a list of available rules
Once applied, the system will acquire the calculated members overnight.
Remove rule and History of Membership rules
If you want to revoke a rule, simply click on the icon next to the rule you want to remove.
Once applied, the system will remove the calculated members overnight and move them to the History of Membership rules
Force acquisition of Calculated members
The system automatically verifies the membership rules and calculated members overnight, but if you want to force the acquisition you can click on the Force Calculated memberships acquisition button.
Manage memberships for a group
If the group is of Explicit or Explicit and Calculated type, you can add new memberships from the Memberships tab of a group page. Please remember that only Responsibles and Delegates are allowed to manage memberships.
If the group is only of Calculated type, please refer to the previous point to define membership rules.
Add a new member to the group
Simply click on the Add new membership button and select the user you want to include.
You can also specify a deadline for the user's membership and some notes.
Remove user and History of Memberships
If you want to remove an explicit member from the group, simply click on the icon next to the user you want to remove.
The user will be removed and automatically moved to the History of Memberships section.
Please note that if the group is synced with external services, the system will acquire the updates overnight.
Manage Deactivation events
The application allows the management of Deactivation events, which can refer to an expiration date or to a lapsed condition that is referred to a calculated user. In the tab Deactivation events you can keep track of the events.
If an explicit member has a deadline for its membership, once the expiration is closer than 7 days you will get a deactivation event notice. We will also send an email notification, both 7 days and 2 days before, to warn the Responsibles and Delegates of the event.
In this case, you can access the group's memberships and eventually extend the deadline.
Lapsed membership rule condition
If a calculated member no longer satisfied a membership rule, it will be added in deactivation events.
Overnight, the system will process the update.
The first tab will return the list of members that are part of the group identified as Responsible, if defined.
If the group has been identified as Responsible for another group's management, the tab Groups Responsibilities will be available and will provide the list of all the groups that have the selected group identified as responsible.