This documentation supports the 19.02 version of Remedy Action Request System.

To view the latest version, select the version from the Product version menu.

Using a parent group for permissions inheritance

Assigning a parent group can simplify permissions management in cases where one group, such as a service provider (the parent group), should have access to a set of objects or data belonging to several different groups, such as the separate companies contracting with the service provider (the child groups).

When a parent group is defined, you manage access to objects and data in the application by assigning permissions to the child group and configuring the objects to allow permissions inheritance. As a result, members of the parent group automatically have the same access as members of the child group.

Any regular or computed group that you create can be a parent group. A parent group is not a separate type of group, but rather represents a hierarchical relationship between the parent group and the child group, in which the parent group inherits the permissions of the child group.

A parent group can have one or more child groups. A child group can also have child groups of its own, forming a multilevel hierarchy, but each child group can only have one parent group. In a multilevel hierarchy, assigning permission to a child group grants access to all ancestor groups, such as the parent group of a parent group.

For example, in the following figure, the group named Parts Supplier is a parent to the Dealer A and Dealer B groups, and an ancestor to all the groups in the relationship. Dealer A and Dealer B are child groups to Parts Supplier, but parent groups to their respective Shop groups.

Hierarchical group relationships
(Click to expand the image.)




In this example, an auto parts supplier needs to control access to the order database, such that employees of the parts supplier can see orders from all dealers and their respective authorized repair shops, but employees of each dealer can see only their own orders or those of their subcontracted shops. Employees of each shop can see only the orders for their own shop. This is accomplished by assigning Parts Supplier as the parent group for Dealer A and Dealer B, and by assigning Dealer A or Dealer B as the parent group for each of the shop groups.

To assign a parent group, you modify the Group form entry for the child group. See Creating and managing groups.

Note

Hierarchical group relationships are used for permissions management only, and are not recognized when sending notifications by group.

Object properties that control hierarchical group access

Two object properties determine whether AR System grants access according to a parent group relationship:

If the object properties do not include permissions inheritance, any hierarchical relationship defined for any of the groups in the object permission list is ignored.

Was this page helpful? Yes No Submitting... Thank you

Comments