This documentation supports the 22.1 version of Action Request System.

Regular, computed, and dynamic groups

You can create the following groups in the Group form:

  • Regular groups—Explicit groups that you create and to which you assign a specific list of users. For information about assigning users to groups, see Creating and modifying users.
  • Computed groups—Explicit groups that you create and to which users are assigned based on the memberships of explicit groups included in an expression. For example, you can create a computed group definition such as (A AND B) OR C AND NOT D. This computed group includes the list of users who are members of both groups A and B, or members of group C, but not members of group D.
    Computed groups make groups easier to manage. You can manage your users in a limited number of regular groups, and use computed groups based on these regular groups for more complex access control without the need to make changes in multiple groups.
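The definition (A AND B) OR C AND NOT D leaves the grouping of "OR C AND NOT D" to operator precedence, which this page does not state. The following Python sketch is an added example, not BMC code: it evaluates such an expression under two possible groupings over constructed memberships and returns the users whose membership differs between them. The function names, the sample users, and the reading of NOT as "all known users except" are assumptions.

```python
import re

def evaluate(expr, groups, and_first=True):
    """Users selected by a computed-group style expression.
    and_first=True: AND binds tighter than OR; False: strict left to right."""
    tokens = re.findall(r"\(|\)|\w+", expr)
    universe = set().union(*groups.values())  # assumption: NOT = all known users except
    pos = 0
    def peek():
        return tokens[pos] if pos < len(tokens) else None
    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of expression")
        pos += 1
        return tokens[pos - 1]
    def atom():
        tok = take()
        if tok == "NOT":
            return universe - atom()
        if tok == "(":
            inner = expression()
            if take() != ")":
                raise ValueError("missing closing parenthesis")
            return inner
        return set(groups[tok])  # KeyError for an unknown group name
    def chain(ops, operand):
        result = operand()
        while peek() in ops:
            op, rhs = take(), operand()
            result = result & rhs if op == "AND" else result | rhs
        return result
    def expression():
        if and_first:
            return chain({"OR"}, lambda: chain({"AND"}, atom))
        return chain({"AND", "OR"}, atom)
    selected = expression()
    if pos != len(tokens):
        raise ValueError("unexpected token: " + tokens[pos])
    return selected

def precedence_sensitive(expr, groups):
    """Users whose membership depends on how AND and OR are grouped."""
    return evaluate(expr, groups, True) ^ evaluate(expr, groups, False)

# Constructed sample memberships of regular groups A to D (not from the page).
GROUPS = {"A": {"alice", "bob"}, "B": {"alice", "bob"},
          "C": {"carol", "dave"}, "D": {"alice", "dave"}}
print(sorted(precedence_sensitive("(A AND B) OR C AND NOT D", GROUPS)))
```

An empty result means the expression selects the same users under either grouping; adding parentheses until the result is empty removes the ambiguity from the access control definition.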

AR System provides two types of groups:

  • Explicit groups—Groups to which you must manually assign users in the User form. When a user becomes a member of a group, the user is given access to all objects and fields to which the group is granted access.
    Explicit groups that you create are defined for a particular server. If you move the objects to a new server with its own defined explicit groups, you might need to resolve permission conflicts. Consider using a deployable application, which uses role permissions that can be mapped to different groups on different servers. For more information, see Role-based access overview. For information about assigning users to groups, see Creating and modifying users.
  • Implicit groups—Groups that depend on specific user circumstances and situations. Users belong to these groups based on specific conditions, such as the contents of special fields within each request. You do not directly assign users to implicit groups. Any dynamic groups that you create are also implicit groups. For more information, see Controlling access by using implicit groups: Row-level security.

The access control group types are as follows:

Access control group types

  • Explicit
    Description: A group to which you must assign users.
    Predefined groups 1: Administrator, Sub Administrator, Customize
    Custom groups 2: Any regular and computed groups that you create. Regular groups are groups to which you assign a specific list of users. Computed groups are groups to which users are assigned based on their memberships in groups included in an expression. For example, you can create a computed group definition such as (A AND B) OR C AND NOT D. This computed group includes users who are members of both groups A and B, or members of group C, but not members of group D.
  • Implicit
    Description: A group to which a user automatically (or implicitly) belongs by virtue of the contents of certain fields in a request. You cannot assign users to implicit groups. All users are members of Public. You use the other types of implicit groups to control access to requests (row-level database access).
    Predefined groups 1: Public, Submitter, Assignee, Assignee Group
    Custom groups 2: Any dynamic groups that you create. Dynamic groups use the contents of special fields to determine group membership.

Membership in multiple groups

Users often belong to multiple groups in an organization. They inherit permissions from each of the groups to which they belong. If a group has permission to access a form, field, request, active link, or active link guide and a user belongs to that group, the user has access, even if the user belongs to other groups that do not have access.
