Security groups
Security groups are used to limit the access to data in F2. An administrator with the “Security group administrator” privilege can manage the organisation’s security groups.
All security groups created by an administrator are subject to an authority since they are created as a special unit type in F2’s organisational structure.
A security group is placed one level under its authority. The figure below shows how the “Staff security group” is placed under the “Digital Authority”.
Once a security group is established, you can add users to the group. This task requires the “Security group administrator” privilege.
Only the users who are a member of a security group can add or remove the security group to/from the “Access restriction” field on cases or the “Access restricted to” field on a record.
A user with full write access to a record or a case can remove any security groups added to said record or case. This includes security groups which the user is not a member of. |
A user can only access records to which access is restricted to a security group if the user is a member of said security group. An administrator can add themself to security groups on a temporary basis if they need to search for and access records with limited access.
The "Security groups" window
Security groups are managed in the "Security groups" window. Click on Security groups on the "Administrator" tab to open the window.
The window shows all security groups within the authority (1). Expand a group to see its members.
Use the menu items in the ribbon (2) to create, delete, activate, and deactivate security groups in addition to adding and removing users from security groups.
You can also edit the properties of a security group or display properties for any users you have selected.
Working with security groups
The following sections describe the functions of the window.
Create a security group
Click Create security group in the "Security groups" window to create a new security group.
In the “Create security group” dialogue, enter a title for the security group and use the drop-down menu to select the authority under which the security group will be created.
In the “Synchronisation key” field, a synchronisation key can be entered. For example, this key is used when importing security groups to F2.
Users can be added to security groups in the “Add users to security groups” dialogue.
When a security group has been created through the “Create security group” dialogue, F2 automatically creates a role which can be assigned to users.
Delete security group
You can delete unused security groups by clicking Delete security group in the "Security group" window.
If the security group is currently in use, F2 will display a warning and deactivate the group instead of deleting it.
Deactivate or reactivate security group
Select a security group in the "Security groups" window and click on Deactivate security group to deactivate it.
The function is also available in the context menu.
An inactive security group can be reactivated by selecting it and clicking on Reactivate security group in the "Security groups" window or in the context menu.
An inactive security group cannot be added to a case’s or record’s access restriction. Deactivating a security group, however, does not affect cases or records on which it is already in use.
Members of an inactive security group can be added or removed as with an active security group.
Security group membership
You can add and remove users from security groups from the "Security groups" window.
Add users to security groups
Click on Add users in the "Security groups" window to add users to a security group. You can also right-click a security group and select Add users.
In the "Add users to security groups" dialogue, add the relevant users.
You can also use the "Archive access" privilege to add users to a security group. Privileges for members of security groups are described in the Archive access section.
Remove users from security groups
You can remove a user from a security group by selecting the user in the list under the security group and clicking on Remove user.
You cannot remove a user from a security group via the "Security Groups" window if the user has multiple roles that grant membership in the security group. In that case, you must edit the roles to remove the user from the security group. |