User group policies
User group policies determine what a user can see and do. A superuser can create users and assign them to user groups with specific user group policies. You configure user group policies to enforce who has access and which actions they can perform. For examples of how to implement user group policies, see User group policy use cases.
A user group policy consists of three elements (rules, member security, and privileges) as detailed in the following table.
|Rules||A rule is a collection of conditions and permissions that are specified for an entity definition or for specific entities within it.||You create a rule for Portal.Page that states that the Editors user group can read but not modify a portal page; however, they can Read, Create, Update, or Delete the asset itself.|
|Member security||Member security is a specific level of security (Read or Write) that is defined for an entity definition member group and its members. You must secure a member for it to be available on the Member Security tab.||The M.Asset entity definition contains the General group and within this group is a Brand member. You assign Read and Write permissions to the Brand member.|
|Privileges||A privilege is the highest level of security setting and is reserved for system settings, the domain model, as well as the security model.||To the Testers user group, you assign all privileges so that they are able to properly test system settings.|
Changes to user group policies have a significant impact on the security model. We recommend that only experienced superusers make changes to user group policies.
Can we improve this article ? Provide feedback