Security groups

Security groups are used to limit the access to data in F2. An administrator with the “Security group administrator” privilege can manage the organisation’s security groups.

All security groups created by an administrator are subject to an authority since they are created as a special unit type in F2’s organisational structure.

A security group is placed one level under its authority. The figure below shows how the “Staff security group” is placed under the “Digital Authority”.

security group example
Figure 1. Authorities and security groups

Once a security group is established, you can add users to the group. This task requires the “Security group administrator” privilege.

Only the users who are a member of a security group can add or remove the security group to/from the “Access restriction” field on cases or the “Access restricted to” field on a record.

A user with full write access to a record or a case can remove any security groups added to said record or case. This includes security groups which the user is not a member of.

A user can only access records to which access is restricted to a security group if the user is a member of said security group. An administrator can add themself to security groups on a temporary basis if they need to search for and access records with limited access.

The "Security groups" window

Security groups are managed in the "Security groups" window. Click on Security groups on the "Administrator" tab to open the window.

menu item security groups
Figure 2. Open the window for managing security groups

The window shows all security groups within the authority (1). Expand a group to see its members.

security groups window
Figure 3. Manage security groups

Use the menu items in the ribbon (2) to create, delete, activate, and deactivate security groups in addition to adding and removing users from security groups.

You can also edit the properties of a security group or display properties for any users you have selected.

Working with security groups

The following sections describe the functions of the window.

Create a security group

Click Create security group in the "Security groups" window to create a new security group.

create group
Figure 4. "The “Create security group” menu item

In the “Create security group” dialogue, enter a title for the security group and use the drop-down menu to select the authority under which the security group will be created.

In the “Synchronisation key” field, a synchronisation key can be entered. For example, this key is used when importing security groups to F2.

create security group
Figure 5. The “Create security group” dialogue

Users can be added to security groups in the “Add users to security groups” dialogue.

When a security group has been created through the “Create security group” dialogue, F2 automatically creates a role which can be assigned to users.

Delete security group

You can delete unused security groups by clicking Delete security group in the "Security group" window.

delete security group
Figure 6. Delete security group

If the security group is currently in use, F2 will display a warning and deactivate the group instead of deleting it.

Deactivate or reactivate security group

Select a security group in the "Security groups" window and click on Deactivate security group to deactivate it.

deactivate security group
Figure 7. Deactivate security group

The function is also available in the context menu.

An inactive security group can be reactivated by selecting it and clicking on Reactivate security group in the "Security groups" window or in the context menu.

reactivate security group
Figure 8. Reactivate security group

An inactive security group cannot be added to a case’s or record’s access restriction. Deactivating a security group, however, does not affect cases or records on which it is already in use.

Members of an inactive security group can be added or removed as with an active security group.

Properties

Select a security group in the "Security groups" window and click on Properties to edit the group’s name or synchronisation key.

properties
Figure 9. Manage the properties of a security group

The function is also available through the context menu.

Security group membership

You can add and remove users from security groups from the "Security groups" window.

Add users to security groups

Click on Add users in the "Security groups" window to add users to a security group. You can also right-click a security group and select Add users.

add users
Figure 10. The “Add users to security groups” menu item

In the "Add users to security groups" dialogue, add the relevant users.

add users dialogue
Figure 11. The “Add users to security groups” dialogue

You can also use the "Archive access" privilege to add users to a security group. Privileges for members of security groups are described in the Archive access section.

Remove users from security groups

You can remove a user from a security group by selecting the user in the list under the security group and clicking on Remove user.

remove user
Figure 12. "Remove user from security group
You cannot remove a user from a security group via the "Security Groups" window if the user has multiple roles that grant membership in the security group. In that case, you must edit the roles to remove the user from the security group.