Security Groups

Security groups govern what a user can access in the platform and how they participate in a digitized process. Security groups can be used, for example, to define who has access to a dashboard, which reports a user can run and which forms a user can create.

Security groups are also referred to in workflows and define which steps in a workflow a user can participate in. For example an approval step might have a security group defined which will limit approvals to users who are in a specific group.

• New groups can be created on the Groups Dashboard 

• To access this dashboard, click on the pull-down menu and select Admin Center from the Administration section. From the Admin Center select Groups from the Users and Groups section

• During group creation, the basic attributes are defined. Optionally, the groups can be assigned grants which are conferred on users in the group. Grants provide capabilities within the platform, for example to create a timesheet.

• Groups are defined in the Group Editor . Refer to this guide for further details. 

• Groups can be changed if required.

• Search for the group using the filter criteria on the Groups Dashboard. 

• Once found click on group in the Groups Dashboard . This will display the Group Editor where changes can be made.

• Groups can be deactivated if they are no longer required following changes to the team or organisation. Deactivating the group will mean that it can no longer be selected when defining the security access model for an entity (for example a report type).

• Search for the group using the filter criteria on the Groups Dashboard. 

• Once found click on group in the Groups Dashboard . This will display the Group Editor where the group can be deactivated by deselecting the Active checkbox.

• The association between a user and a group can be done in 2 places

  1. Groups can be assigned to the user in the Person Editor. This typically takes place when setting up or amending a user.

  2. Users can be assigned to a group in the Group Editor. This typically takes place when setting up or amending the group

• Search for the group using the filter criteria on the Groups Dashboard. 

• Once found click on group in the Groups Dashboard . This will display the Group Editor. Users can be assigned/removed via the Users tab.

• Grants provide capabilities within The Anywhere Platform. Examples of grants are: the ability to create a timesheet, the ability to edit a project, the ability to create and edit user accounts.

• Groups do not have to include grants however a user must have at least 1 group assigned to them which does include grants otherwise they will not have any capabilities.

• Search for the group using the filter criteria on the Groups Dashboard. 

• Once found click on group in the Groups Dashboard . This will display the Group Editor. Users can be assigned/removed via the Security tab.

• It may be a requirement that security groups have additional attributes to those in the Info tab. Such a requirement might, for example, involve tagging a group with a specific location.

• Adding attributes is carried out in the configuration workbench. Refer to Groups in Extending standard entities 

• The additional attributes will be displayed in the Group Data tab of the Group Editor.

It is important to remember that a user must also have the correct access subscription to take advantage of all the grants in the security group. If their access subscription does not include the grants in the group then they will not be able to perform the stated capability. Refer to Subscription Model for more details.

In addition to these groups it may be necessary to create role based groups, for example 'PMO (UK)' and 'PMO (US)'. Users in these groups approve stages in projects in the stated region. These do not confer grants but are used in the project workflow.

This approach makes it easier to administrate grants.