In the Security Groups application, you combine the independent
security groups or the security groups that are not independent to
generate a security profile for a user.
When you combine security groups, the following rules apply to
application authorization:
- The application authorizations specified for an independent security
group apply exclusively to the sites or organizations associated with
that security group.
- The application authorizations specified for all security groups
that are not independent apply to all sites specified for those security
groups.
- When you do not specify a site, access to the Users application
and to the Security Groups application is site independent. To change
site administration, you can specify a site for the security group
that grants access to these applications. For example, if a security
group has access to these applications at site 1, a user who is logged
in can only change information for users who are associated with site
1.
- The available options in the menus depend on the options and applications
that you granted a user, regardless of the site or organization.
- You can grant a user access to the Change Status action
based on sites.
- If the security profile for a user has application authorizations
but no sites, the user can access the applications. The user cannot
view or insert records, except for the Users application and Security
Groups applications.
- You can define conditional access to applications. For example,
a user is a member of two security groups, and one security group
has conditional access and the other security group has unconditional
access. The unconditional access overrides the conditional access,
and the user has unconditional access.
The accumulation of all unique application authorization records
across security groups becomes the access list of application authorizations
in the security profile of a user.