Security Groups application

You use the Security Groups application to set up and to manage security privileges for users.

You can assign users to groups from both the Security Groups application and from the Users application:

  • In the Security Groups application, you assign users to groups.
  • In the Users application, you assign groups to users.

You can view the security privileges for a user using the Security Profile tab in the Users application.

Upon implementation, the Security Groups application has the following groups:

  • MAXDEFLTREG - This group allows users to change their password if it expires. The group contains no other rights. When you create a user record, the user is placed in this default group. You can specify a different group to be the default using the Security Controls action. If you want new user security profiles to start with more rights, you can change the MAXDEFLTREG group to include these rights.
  • MAXADMIN - This group provides enough access to add users and groups.
  • MAXREG - This group allows users to self register. You can use the MAXREG group to initiate a workflow process by which an administrator is alerted to assign new users to the appropriate security groups.
  • MAXEVERYONE - This group is used for global settings that apply to all users in the system.

When you delete users and security groups on the Lightweight Directory Access Protocol (LDAP), the users and security groups are not deleted in the system. This restriction is for audit purposes for clients in regulated industries.

Multisite implementation

If your company has multiple sites, you can create groups to reflect these sites. You can then combine the site groups with functional groups to create fine-grained sets of security privileges. For example, if you have sites in Toronto and Montreal, you can name two groups TORONTO and MONTREAL. You can then add groups to reflect functional units, such as finance, administration, maintenance, electrical, and so on.

Application server

If implementation uses an application server to authenticate with an external directory, some functions are performed in the directory and synchronized into the system. These functions include adding users (including self-registration), adding security groups, associating users with security groups, and managing passwords. In addition, when you delete users in the directory, those users are not automatically deleted in the system; you must manually delete them.