An access group is associated with a user through the Operator ID data instance. The access group determines:
If you are creating an access group for users of a composite portal who may enter work items, follow the restrictions mentioned for the Settings tab and Layout tab.
During signon, the system uses the access group identified in a user's Operator ID data instance to assemble that user's ruleset list. If the Access Group field (on the Profile tab of the Operator ID form) is blank, the system instead uses the access group identified in the Org Division associated with the Operator ID. If that also is blank, the access group in the Organization data instance is used, or finally it uses the Access Group identified in the Browser requestor type.
Access groups also determine the ruleset and versions available to external systems when they request services from an application. These data instances and rules reference an access group:
Agents rules and the related Agent Schedule data instances also reference an access group. (However, certain types of agents have a dynamic access group that may change for each item the agent processes from its queue.)
To review or update access group data instances, selectDesigner Studio > Org & Security > Security > Access Groups.
The Data-Admin-Operator-AccessGroup class contains access group data instances. They are part of the Security category.
When you save an access group data instance, if the Associated RuleSet is [none]
, the associated ruleset is set to the ruleset from the current application of the logged-in user. This association assists with application packaging. You can update the associated ruleset using the field in the top left of the form.
If there is no ruleset associated with the data instance (for example, for existing instances not previously associated with a ruleset), the Associated RuleSet displays [No associated RuleSet]
. Click [Edit] to define one.