Security groups

Security groups are used to limit access to data in F2. An administrator with the “Security group administrator” privilege can manage the organisation’s security groups.

Security groups are created in the “Create security group” dialogue. Read more about this in Create a security group.

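Users must have a role with a privilege pertaining to a specific security group to be included in that group. Several roles can refer to the same security group. Users can be added to a security group in two ways: through the “Add users to security groups” dialogue, or by manual role assignment in the “Units and users” dialogue.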

All security groups created by an administrator are subject to an authority since they are created as a special unit type in F2’s organisational structure.

An overview of the creation of security groups is displayed below.

Figure 1. Security groups are created under an authority

A security group is placed one level under its authority. The figure below shows how the “Staff security group” is placed under the “Digital Authority”.

Figure 2. Authorities and security groups

Once a security group is established, users can be assigned to the group. This task is performed by a user with the “Security group administrator” privilege.

Only users who are members of a security group can add or remove the security group to/from the “Access restriction” field for cases or the “Access limited to” field on a record.

A user with full write access to a record or a case can remove any security groups added to said record or case. This includes security groups which the user is not a member of.

Create a security group

To create a security group, click Create security group on the “Administrator” tab.

Figure 3. The “Create security group” menu group

In the “Create security group” dialogue, enter a title for the security group and use the drop-down menu to select the authority under which the security group will be created.

A synchronisation key can be entered in the “Synchronisation key” field. This key is used, for example, when importing security groups to F2.

Figure 4. The “Create security group” dialogue

When a security group has been created through the “Create security group” dialogue, F2 automatically creates a role type and a role which can be assigned to users in the “Units and users” dialogue. Read more about this in Add user to security group using manual role assignment.

Alternatively, users can be added to security groups in the “Add users to security groups” dialogue. Read more in Add users to security groups.

Add users to security groups

Click on Add users to security groups on the “Administrator” tab to open the “Add users to security groups” dialogue.

Figure 5. The “Add users to security groups” menu item

In the dialogue, add the relevant users and use the drop-down menu to select the security group to which the users will be added.

Figure 6. The “Add users to security groups” dialogue

Add user to security group using manual role assignment

Since a user can have several roles, the administrator must create roles whose sole purpose is to define an association to a security group.

For example, the “Board member” role type can be attached to the “Employee security group” within the “Digital Authority”.

This means that all users who are given the “Board member” role type will become a member of the “Employee security group”. These users will have access to all cases and records which have their access limited to the security group.

Follow these steps to create a new security group and add a member:

  • Create the security group in the “Units and users” dialogue.

  • Create a new role type in the “Role types and privileges”. See the Create and assign role types section.

  • Attach a privilege to the role type that refers to the created security group and the relevant authority.

  • Add the new role type to the user using the “Units and users” dialogue.

A user cannot see the security group if they do not have membership via a role. This means they cannot assign the security group to records or cases.

Privileges for members of security groups are described in the Archive access section.

The following section describes how security groups and the assigned users are displayed in F2.

Show security groups

To view all security groups, click Show security groups on the “Administrator” tab.

Records to which access is limited to a security group can only be accessed by users with roles that include them in said security group. An administrator can add themselves to security groups on a temporary basis if they need to search for and access records with limited access.

An administrator can view security groups created in the authority by clicking on Show security groups.

Figure 7. The “Show security groups” menu item

If an F2 organisation consists of several authorities, they are all displayed in the security group overview.

The security group overview can only be seen by a user with the “Security group administrator” privilege.

To see an overview of the members of a security group, right-click on the security group and then click on Properties.

Figure 8. The “Security groups” dialogue

In the example below, Hannah Hendricks, Harper Ross, and Hector Richards are members of the “SG HR” security group.

Figure 9. Properties for a security group

Deactivate security group

A user with the “Security group administrator” privilege can deactivate security groups using the Show security groups menu item on the “Administrator” tab.

Figure 10. The “Show security groups” menu item

In the “Security groups” dialogue, right-click on the relevant security group and select Deactivate… in the context menu.

An inactive security group can be reactivated by right-clicking and selecting Activate… in the context menu.

Figure 11. Deactivate security group

An inactive security group cannot be added to a case’s or record’s access restriction. Deactivating a security group, however, does not affect cases or records on which it is already in use.

Members of an inactive security group can be added or removed as with an active security group.
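
The rules stated on this page (membership only via roles, who may add or remove a group on a record, and the effect of deactivation) can be checked against a small model. This is an added example, not F2 code or an F2 API; every class, field and function name in it is hypothetical, and full write access is reduced to a flag passed by the caller.

```python
# Added illustration: a minimal model of the rules stated on this page.
# All names are hypothetical; none of this is F2's own API.
from dataclasses import dataclass, field


@dataclass
class SecurityGroup:
    title: str
    authority: str
    active: bool = True


@dataclass
class User:
    name: str
    # role type -> titles of the security groups its privileges refer to
    roles: dict = field(default_factory=dict)

    def groups(self):
        # Membership exists only via a role; several roles may name one group.
        return {title for refs in self.roles.values() for title in refs}


@dataclass
class Record:
    title: str
    access_limited_to: set = field(default_factory=set)


def add_group(user, record, group):
    """Only a member may add a group, and only while the group is active."""
    if group.title not in user.groups() or not group.active:
        return False
    record.access_limited_to.add(group.title)
    return True


def remove_group(user, record, group, full_write=False):
    """A member may remove the group; so may a user with full write access
    to the record, even without being a member."""
    if group.title not in record.access_limited_to:
        return False
    if group.title in user.groups() or full_write:
        record.access_limited_to.discard(group.title)
        return True
    return False
```

When reviewing access, note that the second branch of `remove_group` means full write access on a record is enough to lift a restriction set by a group the user cannot even see.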