4.5. Groups

Groups are collections of users. You can Add and Remove groups as present in the external User Source or Internal Group definition.


SavaPage caches group members for performance reasons. Therefore, when group membership changes at the source, it may not be immediately known in SavaPage. The membership cache is updated automatically according to the Import new users overnight option in the User Creation section, but can be also be refreshed manually at any time by a push on a button in the same section.

4.5.1. Built-in Groups

There are three built-in groups:

4.5.2. Group List

After a tap on the Groups button in the main menu this panel is shown. See Section 4.2, “Menu”.

Admin Web App: User Group - List

Figure 4.28. Admin Web App: User Group - List

Built-in groups are depicted in orange. Press the Add & Remove button to add additional groups.

Each item in the list shows the number of members and has buttons to jump to other dialogs. From left to right, these buttons bring you to:

  • The Edit Group dialog.

  • The User List with the group preselected. Note: the button is not visible when number of group members is zero.

  • The Account List with the Group Type and Name preselected. Note: the button is not visible when the (lazy created) Group Account is not present yet.


Due to Admin Privileges certain buttons might not be visible.

Admin Web App: Group - Select and Sort

Figure 4.29. Admin Web App: Group - Select and Sort

  • Groups can be selected by entering a part (fragment) of their name.

  • The list can be sorted Ascending or Descending on group name.

  • Tap the Apply button to (re)display the list.

  • A tap on the Default button resets the selection and sort fields to their default values.

  • Use the minus button to collapse the Select and Sort section.

4.5.3. Add & Remove Groups

Admin Web App: User Groups - Add & Remove

Figure 4.30. Admin Web App: User Groups - Add & Remove

Select the groups to add and to remove and press the OK button to commit the selection.


The group list is a mix from the ones present in the external User Source and the ones defined as Internal Group. When adding a user group from Microsoft Active Directory, members from nested groups are included.

4.5.4. Edit Group

The Group Edit Dialog has several sections. Press the OK button at the bottom to commit all changes. Group Roles

Admin Web App: User Group - Edit - Roles

Figure 4.31. Admin Web App: User Group - Edit - Roles

In the Roles section you can set the user roles for group members. See Section, “User Roles” for an explanation of the roles and how role based user access works. User Privileges

Admin Web App: User Group - Edit - User Privileges

Figure 4.32. Admin Web App: User Group - Edit - User Privileges

In the User Privileges section you can set group member access to User Web App domain objects. Privileges are set by means three-state buttons. An unselected grayed out button means indeterminate, plain unselected means non-privileged and selected means privileged. When a privilege on a domain object is selected a role like Reader and Editor might be selected, as well as extra actions like Download, Send and Sign . The type of Roles and Actions offered depend on the type of domain object. This is how choices work out:

  • When SafePages is non-privileged, the PDF and Sort buttons are not displayed in the Main Page. When selected, the Reader role will display the PDF but not the Sort button, and the Editor role will display both. The Download and Send options display the respective buttons in the PDF dialog: the Sign option displays the same option in the PDF Security section.

  • When User Details is non-privileged the footer button for the User Details dialog is replaced with a simple indicator holding the id of the authenticated user.

  • When Personal Print is non-privileged, use of Personal Account for printing is not allowed. User can use Shared Accounts though, when permitted by Access Control. When printing with Personal and Shared Account is not permitted, role Print Job Creator is assumed, even when this role is explicitly selected.

  • When Print Journal is privileged a Print Job will be silently journalled. When Print Archive is privileged, the Print Job Archive option is active: when Select is privileged, the user is allowed to (de) select the archive, when not, the Print Job will be silently archived. Beware, that these functions can be disabled for individual printers: see Section 4.8.2, “Edit Proxy Printer”.

  • When Financial is non-privileged, the account balance will not show in the footer, the Transactions button will not show in the Log page, and Financial data will not show in the User Details dialog. When selected, the Reader and Editor role will display all. However, only the Editor role is allowed account transactions in the User Details dialog.

  • When Letterhead is non-privileged, the Letterhead button is not displayed. When privileged the Reader and Editor role allows user to choose a Letterhead in the PDF and Print dialog. The Editor role allows users to add letterheads themselves. See Section 3.6, “Letterheads”.

  • The open spots left by buttons that are not displayed are taken by: the Upload button (moved from the footer), a Browse button pointing to the Browser, and the Info button (moved from the footer), in that order. See Section 3.3.2, “Footer”.

This is how a privilege is evaluated on runtime:

  • To be compatible with existing installations the indeterminate state for top level group All Users is interpreted as fully privileged. Of course, privileges can also be set at "lower" group levels. When determining privileges for a domain object, SavaPage looks at the lowest group first, and bubbles up to higher groups till a non-indeterminate privilege for the domain object is found.

  • A denial of access due to a privilege takes precedence over any other configuration property. Admin Privileges

In the Administrator Privileges section you can set group member access to Admin Web App domain objects. The objects correspond to the choices in the main menu. Any user with Administrator Role is assigned privileges by group membership.

Admin Web App: User Group - Edit - Admin Privileges

Figure 4.33. Admin Web App: User Group - Edit - Admin Privileges

Privileges are set and evaluated by means three-state buttons, just as User Privileges. For most domain objects a Reader and Editor role can be selected. Access to domain objects will be shown or hidden according to the privileges. New User Settings

Admin Web App: User Group - Edit - New User Settings

Figure 4.34. Admin Web App: User Group - Edit - New User Settings

When New User Settings are enabled they are automatically applied upon User Creation for members of this group. Note that these settings do not affect existing user members. See the Financial section of the Edit User dialog for a description of the Balance and Credit Limit fields.

When a user belongs to multiple groups, the New User Settings of these groups is applied as follows:

  • The user is assigned an initial Balance that is the sum of the Initial Balances of all matching groups (with the exception of the Built-in Groups).

  • If any of the matching groups has Initial Credit Limit None the user is assigned this status.

  • Since the New User Settings are applied in alphabetical group name order, the Initial Credit Limit Default and Individual are assigned from the last group.

When a user does not belong to any group with New User Settings enabled, he is assigned the settings of the External Users or Internal Users Built-in Group (depending on the type of User Source).


New User Settings are not shown for Built-in Group All Users because they are never used.