How to enable User Groups to get more granular access and security for individual Records
User Groups give you the ability to provide more detailed access to particular Records in your Application, similar to how Permission Sets allow you to restrict access on Steps. User Group access will allow you to "tag" specific users or User Groups (pre-defined groups of users) to a Record and restrict access to only those users and User Groups tagged.
In order for User Groups to be enabled, they must first be activated for a Workflow. Below is a quick guide to get started.
Set-up User Groups for the Workflow
Activate User Groups by double-clicking the background of a Workflow or right-clicking and selecting Edit Workflow. This will take you to the Workflow modal. On the Access tab, check the Restrict Access with User Groups box.
Once this is selected, a new checkbox - Require User Groups - will appear. This will automatically be checked. We recommend keeping Require User Groups on since Records without User Groups assigned will not be visible to anyone once User Groups are enforced. The Require User Groups feature prevents this from happening. You will also be able to define a "Default" User Group - this User Group will be automatically added to any new Record created in the Workflow.
Once User Groups have been enabled for a Workflow, you will now be able to restrict and control access to Individual Records within this Workflow.
One very important thing to note is that if you already have Records created in a Workflow, you will need to make sure to "tag" the users that you want to have access to those Records before you turn on the User Group Access. If you do not add the appropriate users, they will no longer be able to access their Records.
Create or Modify User Groups
On the Build > Access page, navigate to the Groups tab at the top.
Click + Add Group to create a new User Group for each type of group you would like to setup. In the modal, name the group in the Title field.
Add Group Users that you would like to be a part of that User Group, and lastly click Save Group.
Export User Groups
If you need to view your User Groups outside of Risk Cloud, you can export them from the Build > Access page. Click the button at the bottom of the list to download a CSV of User Groups. This download will by limited by any search parameters you entered at the top of the page.
Link Groups to Each Individual Record
The Group & Users step setting determines what an end-user should see/do within the User Group panel.
In order to access this panel on the record page, the following configuration/permissions must be set up:
- Restrict Access with User Groups is enabled for that Workflow
- The end user must have adequate permissions to view:
- All users with Admin < All entitlement can always add and remove User Groups from records for which they have access (view or edit).
- For non-admins that are assigned to the record:
- Full Access - users can add and remove users and user groups
- Add Only - users can only add and cannot remove user groups
- Read Only - users can neither add or remove user groups
Provided the workflow and user permissions are correctly configured, the Record Access icon will be displayed on the record page:
Clicking the Record Access icon will open the record access panel:
To add individual users, click the Add Users button. To add user groups, click the Add User Groups button.
Bulk Update Record-level Access
When you need to make changes to access permissions for multiple records, instead of linking Users and Groups to Each Individual Record (see above) one by one, you can leverage Bulk Update Fields feature to do so. Refer to the Help Center Article Bulk Update Fields - Record-level Access section to learn more.
[Legacy UI] Link Groups to Each Individual Record
Note: the below instructions are specific to the legacy UI. At time of publishing, the legacy UI is scheduled to be retired in September of 2024. For more information about the new UI, refer to the Re-imagined Record Experience page.
When creating a new Record in that Workflow, you can select which Groups you would like to grant access to this specific Record. There is not a way to map a custom Field to User Group access at the moment.
To add a User Group to a Record the Record must be checked out to you or have the Admin > All Entitlement. Then click on the People icon in the upper right corner of your Record Page. Once there, search for the User Group and add it.
Important Note: If a User is not added/tagged to the Record, they will not be able to View or Edit that particular piece of work even if they have access to that Step via a User Role! Because of this, it can be easy at times to unintentionally restrict access to information to either yourself of other users.
Comments
0 comments
Please sign in to leave a comment.