Wednesday, August 27, 2014

Rules on Combination of Security Groups

We have many security groups assigned to a single user.

We need to know how a combination of security groups (independent or non-independent) works for a user in each of the following areas:
 - data restrictions
 - application authorization
 - approval limits and tolerances
 - authorization of general ledger components
 - labor authorization
 - site authorization
 - storeroom authorization

A use case on application authorization:
If a user is a member of multiple groups that are not independent and one security group has a restricted level of access, the user is granted the highest privileges across the security groups.

For example, take two security groups that are not independent: the Managers and the Maintenance Engineers security groups.
The user has access to pay rate information in the Managers security group, but does not have access to the information in the Maintenance security group. When the two security groups are combined, the user has access to pay rate information in the Maintenance group.
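
The combination rule above can be turned into an access-review check. The following Python sketch is an added example, not code from the original post or from any product: it merges the grants of a user's non-independent groups and reports, for each group, which withheld options the user gains anyway and from which other group. The group contents and the application and option names are constructed, and independent groups are left out of the merge because the post states the rule only for non-independent groups.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Group:
    name: str
    independent: bool
    grants: frozenset  # (application, option) pairs this group authorizes


def effective_grants(groups):
    """Union of grants across non-independent groups: highest privilege wins."""
    merged = set()
    for g in groups:
        if not g.independent:  # assumption: independent groups are not merged
            merged |= g.grants
    return merged


def overridden_restrictions(groups):
    """Map each non-independent group to the grants it withholds but the user
    still receives, with the names of the groups that supply each grant."""
    combinable = [g for g in groups if not g.independent]
    merged = effective_grants(groups)
    report = {}
    for g in combinable:
        gained = merged - g.grants
        if gained:
            report[g.name] = {
                grant: sorted(o.name for o in combinable if grant in o.grants)
                for grant in sorted(gained)
            }
    return report


# Constructed sample data; option names are hypothetical.
USER_GROUPS = [
    Group("Managers", False,
          frozenset({("LABOR", "VIEW_PAYRATE"), ("WOTRACK", "READ")})),
    Group("Maintenance Engineers", False,
          frozenset({("WOTRACK", "READ"), ("WOTRACK", "SAVE")})),
    Group("Contractors", True, frozenset({("PO", "READ")})),
]

if __name__ == "__main__":
    for group, gained in overridden_restrictions(USER_GROUPS).items():
        for grant, sources in gained.items():
            print(f"{group}: restriction on {grant} overridden by {sources}")
```

Running this kind of report per user during an access review shows where a restriction configured in one group has no effect because another group the user belongs to grants the same option.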

Reference:
http://goo.gl/LIvwhk