About users and groups

You can set access levels and authorizations for individual users or for groups of users.

Group authorizations

When you create a new user, perhaps the easiest way to assign authorizations and permissions to that user is by assigning the user to one or more user groups. This is done using the Users form, when you create the user profile.

Default groups are already set up and delivered in Mongoose; for example, the CoreFormsAdmin and the APPBUILDER-Administrator group. To modify the forms and permissions for an existing group, select the group on the Groups form and click Group Authorizations to open the Object Authorization for Group form.

You can add or delete groups on the Groups form.

Caution: 
Although the system allows you to modify or delete default groups that are provided with your application, doing so can cause future conversion problems while upgrading and other problems. We recommend you copy the the default group and give it a new group name, then modify the new group authorizations. We strongly recommend that you NOT delete or modify default groups.

User authorizations by copying another user's goups

When you create a new user, you can copy the user's group memberships from an existing user. On the Users form, select the user who needs to add groups, and click Copy Groups from User. On the Copy Groups From User form, select the user from whom you want to copy the groups. If multiple groups are listed, you can select the groups that you want to copy to this user. To return to the Users form, click OK. Then save the changes to the new user's record there.

User authorizations

If a user is not assigned to any group, use the Object Authorizations for User form to determine what forms and privileges are available to that user.

How authorizations work together

User groups allow you to determine the authorizations and permissions for multiple users by assigning them all to a single group. If an authorization is granted in one group and not granted in a second group, the least restrictive authorization is used.

For example:

  • You can create a group COMaint that has EDIT and UPDATE privileges granted on a Customer Orders form. All other privileges on this form are not granted.
  • You can create another group CO that has EXECUTE and READ privileges granted on the Customer Orders form. All other privileges on this form are not granted.
  • Users in the COMaint group, who only have EDIT and UPDATE privileges, cannot open (READ) the Customer Orders form at all. Users in the CO group, who have EXECUTE and READ privileges, can open the Customer Orders form, but cannot make updates to it.
  • "Power" users who are included in both the CO and COMaint groups can open the Customer Orders form and make updates.

    You can also create a "composite group", named COpower that includes both the CO group and the COMaint group as "subgroups".

Group authorizations work together. If a user is included in a group where a privilege is granted on a certain form, that granted privilege prevails over any "not granted" setting for the same form in other groups assigned to this user. However, any user authorizations set for individuals always override group authorizations defined for a form.

At the User Authorizations level (Object Authorizations for User form), privileges are either granted or revoked. There is only one set of privileges per form or per component per user. Therefore, if a privilege is revoked at the User Authorizations level, the same privilege cannot be granted at the Group Authorizations level (Object Authorizations for Group form).

User authorizations cannot have multiple privileges for the same form or same component. If a form or component is revoked at the User Authorization level, that revoke setting is used regardless of any group privileges that you specify.

If privileges are left blank at the user authorization level, the user is assigned the permissions defined at the group level.

User Authorization Report

In the User Authorization Report, user and group authorizations for forms and IDOs are grouped together by user ID. Row authorizations are grouped together by user ID and group name, and are sorted by IDO and group name. Options on the form let you choose the specific forms or IDOs you want to see in the report. You can see and compare all authorizations for a single user in the same section of the report. This makes it easier for you to determine whether a user has multiple permissions set differently for the same form, through different groups to which the user is assigned.

Related topics