This article covers the following:
- Adding and editing a user group
- Copying a user group
- Deleting a user group
- Linking a user to a user group
- User group reports
PPO allows Administrators to limit users in terms of functionality by means of the User Groups and in terms of data by means of User Group Filters.
This article deals exclusively with the maintenance of User Group functionality. Please see the following knowledge base article for information on maintaining and limiting user access to data (User Group Filters).
Every PPO user belongs to a single user group. When a user group is created on PPO, the access to functionality, menu items, reports and dashboards is set for that specific user group (e.g. determine whether or not the applicable user group can add, edit, view, delete and / or move entity items, and so on).
For the PPO Administrator to be able to maintain user groups they have to have access to the Administration Menu and the User Groups menu item in the list.
Click on the User Groups list item to view a list of all the user groups that are already set up on PPO.
To edit a user group, click on the user group from this list or to add a new user group, click on the Add button.
The name of the user group should be entered at the top of the User Group Add page or User Group Edit page.
Each user group can also have their own Life Cycle start up page. This allows for different user groups to follow their own processes, without having to start from a communal page or having access to the life cycles of other user groups.
If no Life Cycle start up page is selected and the user group does have access to the Life Cycle menu item, the user group will see the default Life Cycle as set up in the System Configuration. For more information on the Life Cycle, please access the following knowledge base article.
Optionally you can also specify a Parent user group. If you select a parent user group, the user group will "inherit" all the rights of the parent i.e. the access rights will be the same as that of the parent. If the access rights associated with the parent is changed, all the user groups that have that user group as a parent will automatically also have those rights. Note that if you select a parent user group you will not be able to change any of the access settings.
From the User Group Edit page, access can be defined in four major areas: Menus, Reports, Dashboards and Functions.
Menus are the buttons at the top of each page in PPO.
Access to these menu items can be controlled by selecting an Access or No Access radio button in the Menus section on the User Group Edit page. To remove the Life Cycle menu item, select the No Access radio button for View Life Cycle.
The Life Cycle menu item will no longer show for the selected user group.
Reports are accessed from the Reporting Menu. If a user group has access to the reports menu , the list of reports available to the user group can be defined in the reports section on the User Group Edit page. To provide access to reports, click on the appropriate Access or No Access radio buttons next to the report name.
Through this setting user groups can be given access to all project reports:
Or only to a selected number of project reports:
Dashboards are accessed through the Dashboards menu item. If a user has access to the Dashboards menu item, the list of dashboards available to the user group can be defined in the Dashboards section on the User Group Edit page. To provide access to dashboards, click on the appropriate Access or No Access radio buttons next to the dashboard name.
Through this setting, user groups can be given access to all dashboards:
Or only to a selected number of dashboards:
Functions are related to what a user should be able to do in PPO. For example, whether a user should be able to add, edit or view Issues, import Tasks, view others' Home Pages or disable global filters, are all functions within PPO. Every function in PPO is listed in the Functions section on the User Groups Edit page and access to these functions can be granted or removed by selecting the appropriate Access or No Access radio buttons.
Through this function user groups can be given access to selected administrative functions:
User groups can also be granted access to add, and from the Actions menu edit, delete and move items:
Or only to view items:
Once all menus, reports, dashboards, and functions have been assigned access or no access, click on the Submit button.
As mentioned earlier you can optionally specify a parent user group which ensures that the user group has the same access settings as the parent. However, you can also use the functionality to copy the access settings from an existing user group and then make further changes. To do this, create a user group as normal and specify as parent the user group that you want to copy from. At this point you will not be able to make any changes. Submit the user group and then edit it again by clicking on it from the user group list page. Now when you remove the parent i.e. select a blank, the user group will retain the settings from the parent but you will be able to make additional changes as required.
Note that the user group is no longer linked to the parent user group and any changes made to the parent user group will not be propagated to this user group.
User groups can only be deleted if no users (Active or Inactive) are assigned to the user group. If no users are assigned to the user group, the Delete button will appear at the bottom of the User Group Edit page. Click this button to delete the user group.
Once the user group has been created users can then be assigned to the user group by going to Administration menu item and selecting Users from the list.
From here click on the user you want to assign to the newly created user group or click on the add button.
The user group for the user can then be defined on this screen.
For more information on users, see the following knowledge base article.
PPO offers a Logical Access Report. From the Reporting menu item select Reports then Administration as the report category and select Logical Access Report. This shows each user group's access to the various functions in Datasheet View.
For more information on this report, see the following knowledge base article.