4.5. Groups

Groups are collections of users. You can Add and Remove groups as present in the external User Source or Internal Group definition.

Note

SavaPage caches group members for performance reasons. Therefore, when group membership changes at the source, it may not be immediately known in SavaPage. The membership cache is updated automatically according to the Import new users overnight option in the User Creation section, but can be also be refreshed manually at any time by a push on a button in the same section.

4.5.1. Built-in Groups

There are three built-in groups:

4.5.2. Group List

After a tap on the Groups button in the main menu this panel is shown. See Section 4.2, “Menu”.

Admin Web App: User Group - List

Figure 4.26. Admin Web App: User Group - List


Built-in groups are depicted in orange. Press the Add & Remove button to add additional groups.

Each item in the list shows the number of members and has buttons to jump to other dialogs. From left to right, these buttons bring you to:

  • The Edit Group dialog.

  • The User List with the group preselected.

  • The Account List with the Group Type and Name preselected. Note: since the Group Account is lazy created upon first use it might be that the list is empty.

Note

Due to Admin Privileges certain buttons might not be visible.

Admin Web App: Group - Select and Sort

Figure 4.27. Admin Web App: Group - Select and Sort


  • Groups can be selected by entering a part (fragment) of their name.

  • The list can be sorted Ascending or Descending on group name.

  • Tap the Apply button to (re)display the list.

  • A tap on the Default button resets the selection and sort fields to their default values.

  • Use the minus button to collapse the Select and Sort section.

4.5.3. Add & Remove Groups

Admin Web App: User Groups - Add & Remove

Figure 4.28. Admin Web App: User Groups - Add & Remove


Select the groups to add and to remove and press the OK button to commit the selection.

Note

The group list is a mix from the ones present in the external User Source and the ones defined as Internal Group. When adding a user group from Microsoft Active Directory, members from nested groups are included.

4.5.4. Edit Group

The Group Edit Dialog has several sections. Press the OK button at the bottom to commit all changes.

4.5.4.1. Group Roles

Admin Web App: User Group - Edit - Roles

Figure 4.29. Admin Web App: User Group - Edit - Roles


In the Roles section you can set the user roles for group members. See Section 4.4.4.2, “User Roles” for an explanation of the roles and how role based user access works.

4.5.4.2. User Privileges

Admin Web App: User Group - Edit - User Privileges

Figure 4.30. Admin Web App: User Group - Edit - User Privileges


In the User Privileges section you can set group member access to User Web App domain objects. Privileges are set by means three-state buttons. An unselected grayed out button means indeterminate, plain unselected means non-privileged and selected means privileged. When a privilege on a domain object is selected a role like Reader and Editor might be selected, as well as extra actions like Send and Download. The type of Roles and Actions offered depend on the type of domain object. This is how choices work out:

  • When User Details is non-privileged the footer button for the User Details dialog is replaced with a simple indicator holding the id of the authenticated user.

  • When SafePages is non-privileged, the PDF and Sort buttons are not displayed in the Main Page. When selected, the Reader role will display the PDF but not the Sort button, and the Editor role will display both. The Send and Download options activate the respective buttons in the PDF dialog.

  • When Financial is non-privileged, the account balance will not show in the footer, the Transactions button will not show in the Log page, and Financial data will not show in the User Details dialog. When selected, the Reader and Editor role will display all. However, only the Editor role is allowed account transactions in the User Details dialog.

  • When Letterhead is non-privileged, the Letterhead button is not displayed. When privileged the Reader and Editor role allows user to choose a Letterhead in the PDF and Print dialog. The Editor role allows users to add letterheads themselves. See Section 3.6, “Letterheads”.

  • The open spots left by buttons that are not displayed are taken by: the Upload button (moved from the footer), a Browse button pointing to the Browser, and the Info button (moved from the footer), in that order. See Section 3.2.2, “Footer”.

This is how a privilege is evaluated on runtime:

  • To be compatible with existing installations the indeterminate state for top level group All Users is interpreted as fully privileged. Of course, privileges can also be set at "lower" group levels. When determining privileges for a domain object, SavaPage looks at the lowest group first, and bubbles up to higher groups till a non-indeterminate privilege for the domain object is found.

  • A denial of access due to a privilege takes precedence over any other configuration property.

4.5.4.3. Admin Privileges

In the Administrator Privileges section you can set group member access to Admin Web App domain objects. The objects correspond to the choices in the main menu. Any user with Administrator Role is assigned privileges by group membership.

Admin Web App: User Group - Edit - Admin Privileges

Figure 4.31. Admin Web App: User Group - Edit - Admin Privileges


Privileges are set and evaluated by means three-state buttons, just as User Privileges. For most domain objects a Reader and Editor role can be selected. Access to domain objects will be shown or hidden according to the privileges.

4.5.4.4. New User Settings

Admin Web App: User Group - Edit - New User Settings

Figure 4.32. Admin Web App: User Group - Edit - New User Settings


When New User Settings are enabled they are automatically applied upon User Creation for members of this group. Note that these settings do not affect existing user members. See the Financial section of the Edit User dialog for a description of the Balance and Credit Limit fields.

When a user belongs to multiple groups, the New User Settings of these groups is applied as follows:

  • The user is assigned an initial Balance that is the sum of the Initial Balances of all matching groups (with the exception of the Built-in Groups).

  • If any of the matching groups has Initial Credit Limit None the user is assigned this status.

  • Since the New User Settings are applied in alphabetical group name order, the Initial Credit Limit Default and Individual are assigned from the last group.

When a user does not belong to any group with New User Settings enabled, he is assigned the settings of the External Users or Internal Users Built-in Group (depending on the type of User Source).

Note

New User Settings are not shown for Built-in Group All Users because they are never used.