Create a New Group

This topic describes how to create a new group in the Group Permissions wizard.

Set Basic Group Permissions

Basic group permissions can be configured in the General tab of the Group Permissions wizard.

  1. Edit a group from Setup > Access > Manage Groups. In the General tab, select from the following options to configure the basic group permissions:
    1. Allow Sending Password - if Yes, members of this group can be sent a new password by clicking Forgot Password on the login page.  
    2. Select whether the user can modify their own or all users' Left Pane, Dashboards, Home Pages, Widgets and Combined Reports. 
    3. Choose the type of administrative access for the group:
      1. No Administrative Access.
      2. Table administrative access for selected tables. 
      3. System administrative access to the full setup menu. 
      4. Whether the group can export the knowledgebase by using Setup/Export. 
    4. Select whether the group can access the Messaging wizard, the full team wizard, and the Communications toolbar tab in the Left Pane.
    5. Select a saved search, edit a search, or create a new saved search, to limit the view of the Communications toolbar for the group. 
  2. Click Finish.

Set Group Table Permissions

Table permissions for a group are set individually by clicking Edit next to a table in the Tables tab of the Group Permissions wizard. In a number of cases, the same table group permissions can be set both in the Table Permission wizard and in the Table wizard.

Group Permission Tips

  • Always wait to create new groups until the last possible minute: after all tables have become stable in terms of their fields, but before doing workflow.
  • Before creating new groups, try to finalize the permissions for the groups that will be closest to the new groups in terms of their permissions. Then you can copy those groups to create the new groups and will have less work to do on the new groups.
  • In general, if a group can see the toolbar tab and edit other people's records, they should have the middle options selected for the view, search, and report tab permissions.
  • You need to know which field defines ownership for each table when setting the record and field level permissions. For instance, if ownership is based on a match of the Company field, but a group should only have permission to edit their own personal records, you will have to filter the Edit Own set on the record level permission screen.
  • The ownership criteria are not defined in the group screens, but rather on the Permission tab of the Table wizard.

Set Menu Permissions

Group menu permissions for a table are set individually by navigating to the Menu tab in the Table Permissions wizard. A few examples are provided below.

Saved Searches

Search permissions are controlled as below.

If permission to create/modify/delete Saved Searches is removed, users may still search but the ability to save a search is disabled.

Reports

The Reports subsection has the option to control access to reports depending on whether the "Allow group to publish saved reports" checkbox has been selected. For more information on publishing reports for general viewing, see Reports wizard.

Email Templates

Other menu-specific permissions controlled in this tab involve email and print templates. 

Set Record Permissions

Record level access permissions control which records in a table group members can view, edit or delete.

Record level permissions can be based on saved searches, giving them greater flexibility and utility. For example, you might create a "Member of Same Company" saved search that finds all records created by users with a Company field that matches yours. You can then specify that group members can View or Edit records that satisfy this saved search.

There are two ways to set record level access permissions:

  1. Edit the group and set what records that group can view, edit and delete – this is useful when setting the permissions that a particular group has for multiple tables. Navigate to the Record Permissions tab of the Table Permissions wizard. Access permissions based on a saved search can only be defined by editing the group.

  2. Edit the table and set what groups can view, edit and delete records – this is useful when setting the permissions that multiple groups have for a particular table. Navigate to Setup > Tables, edit the relevant table and click the Permissions tab.

Set Field Permissions

Field level access permissions are only relevant for tables that group members are allowed to view or edit. They control what fields can be viewed or edited in records the user can access.

There are two ways to define field level access permissions.

  1. Edit the group and set the list of fields the group can view or edit – this is useful when setting the permissions that a particular group has for multiple fields. This can be managed in the Field Permissions tab of the Table Permissions wizard.
  2. Edit the field and set what groups can view/edit that field – this is useful when setting the permissions that multiple groups have for a particular field. Navigate to Setup > Tables, edit the relevant table, click the Fields tab and edit the relevant field, and click the Permissions tab.

Field Permission Tips

Generally there will be nothing in the specification about the details of the field level permissions that should be set for each group. There may be specific fields that are indicated as being editable only by certain groups, for instance the publication fields for FAQs, but otherwise, you have two choices when setting field level permissions:

  • Make your best guess which groups should see which fields based on what you know about the use cases.
  • Set the permissions with the customer and ask them to make every decision themselves.

If you have to guess, use the following general guideline - anyone who can edit a record as a power user should probably have only view own and view other access to all date and auto-entered fields, and create, view and edit access to all the other user-entered fields. The ID field is an exception - it is auto-generated, but it is useful to always give create access so people can see it when creating.

Keep field level permissions clean, even when it is more work. If a group does not have record level create and edit permissions, technically it doesn't matter if all field permissions are turned on for the create own and edit own columns, because they won't be able to edit the record at all. But rather than leaving it sloppy so that the field permissions imply an ability to edit while the record level permissions contradict it, make them consistent - deselect all field permissions for the columns for create own, edit own, edit others. Otherwise, someone may accidentally turn on record edit permissions and suddenly those users will see fields never intended for their editing.

Always deselect the create own box for the communications "field", since no one should be creating an email when creating a record. Also deselect history for that column.
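
The consistency rules in the two paragraphs above can be checked mechanically. The following is an added example, not code from the product or its documentation: it assumes the permission matrix has been transcribed by hand into the hypothetical structure shown (the group, table and field names, the "Communications" field name, and the column-to-record mapping are all constructed for illustration) and flags field permissions that would become live the moment someone turns on the matching record permission.

```python
# Added example: the permission matrix below is a constructed, hand-transcribed
# structure (hypothetical), not an export format of the product.
EDIT_COLUMNS = ("create_own", "edit_own", "edit_others")
# Assumed mapping: the record-level permission each field-level column depends on.
REQUIRES = {"create_own": "create", "edit_own": "edit_own",
            "edit_others": "edit_others"}

SAMPLE_GROUPS = {  # constructed sample data
    "Customer": {
        "record": {"Case": {"create": True, "edit_own": False,
                            "edit_others": False}},
        "field": {"Case": {
            "Summary": {"create_own", "view_own"},
            "Priority": {"view_own", "edit_own"},
            "Communications": {"create_own", "view_own"},
        }},
    },
    "Guest": {
        "record": {"Case": {"create": False, "edit_own": False,
                            "edit_others": False}},
        "field": {"Case": {
            "Summary": {"view_own", "create_own", "edit_own", "edit_others"},
        }},
    },
}


def audit(groups, comm_field="Communications"):
    """Return (group, table, field, column, reason) for each inconsistency."""
    findings = []
    for group, perms in sorted(groups.items()):
        for table, fields in sorted(perms["field"].items()):
            record = perms["record"].get(table, {})
            for field, cols in sorted(fields.items()):
                # Field permission is on, but the record permission it
                # depends on is off: harmless today, exposed if that
                # record permission is ever enabled.
                for col in EDIT_COLUMNS:
                    if col in cols and not record.get(REQUIRES[col], False):
                        findings.append((group, table, field, col, "latent"))
                # The communications "field" should never have create own.
                if field == comm_field and "create_own" in cols:
                    findings.append((group, table, field, "create_own",
                                     "communications"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(*finding, sep=" | ")
```
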