User groups. What are they for?

Groups of users and their nesting

“User Groups” and their nesting

In CIFKM people in an organization are structured into multiple groups of users with functional criteria that are easy to manage. Each user group can receive faculties (permissions to access and act) over any “Data Smart Box” and over any particular template.

With the groups one manages to represent the company, both hierarchically and functionally. For example, groups may represent areas, subareas, departments, committees and working groups, positions in the organizational chart (in this case the group representing a position may have a single member who will be the person who occupies the position at any time).

The user, when registered, is automatically assigned a staff group of which he/she is the only member.

Based on the organizational chart position groups are created (one for each position of the chart). Each user, who already has a personal group where he is the only member, if he/she also has an assigned position in the organization chart, will be included in the user group that represents that position in which he/she may also be its only member. Later, personal and position groups will be included in the functional groups such as areas of the company, working groups, committees, etc..

The structure of groups described is the basis to assign the access and faculties of each user group over the “Data Smart Boxes” and the templates. Furthermore, with such a structure it will be easy to reorganize since persons must be only be replaced on the base, ie in the position groups of the flowchart and in the personal groups. This will be done by users with faculties to administrate each group of users.

A user group (target group) can also have as members other user groups (source groups). In this case, the members of the source group will be considered members of the target group, as if they had been incorporated to it individually.

Membership in a group of users, or having permissions in it without membership, means that the user may have the faculties assigned to the group over any “Data Smart Box” or template. For example, (1) access for consultation (read role), (2) the right to modify, use, eliminate the group (group administrator role) and (3) the right only to use the group, for example, to associate it to a “Data Smart Box”. These group roles (access, use, administrate) are those that have been created by default in the standard version that is downloaded from the cloud, though other types of roles can be configured at one´s convenience by grouping other sets of faculties (see element and template roles)

It is worth noting that the group role assignment is not restricted only to members of the group, but that they may be assigned to any internal user whether or not he is a member, of the group. As an example, a non-member who has the faculty to use the group may receive customer orders, create for each one a “Data Smart Box” by means of the corresponding template and associate it to the corresponding user group that must act on each type of order. Since this user will not belong to the group, he will not have access to the elements once created (except if he has also been assigned the read role in the user group)

The question that arises is that, if anyone can have faculties (group roles) assigned with respect to a group, then why does one distinguish between members and non-members? The answer is that when a group is nested in another (see figure) the non-members of the first are not a part of the second; only the members of the first are part of the second.

It should be noted that the possibility of assigning group roles to non-member users does not make it more difficult to carry out a reorganization of the company with a replacement of people, provided one has ensured that the membership in user groups or the simple assignment of roles to each user has been carried out with nesting of his/her personal or position group in other groups (a group nested in another group). Thus, the separation or replacement of a user from his personal/position group (company flowchart) is automatically replicated in the other groups in which he is nested directly or indirectly and in the group roles assigned directly to the former.

When a user group is created, this may be marked as a private group, in which case it may not be viewed by any non-member, nor by the CIFKM administrators. But keep in mind that private user groups can be created only by persons who in their user role have faculties to create user groups.

What do they solve?

The user groups allow one to easily administrate who can access and with what faculties over each “Data Smart Box” or template to consult, use, modify, eliminate “Data Smart Boxes” or templates. None of these elements will exist (will not be displayed and will not be accessible) for other unauthorized users.

With the group structure it is easy to reorganize the company if one has ensured that the users have their roles (faculties) with respect to system elements via the personal or position group in the company flowchart, either directly or by means of nesting in other user groups. For example, if a person leaves a position in the flowchart, his/her simple replacement by another person in the group of users that represents this position will imply an automatic replacement in any other user group of which the first group is a member or has faculties, or in the fullfillment of the faculties (roles) that may have been assigned directly to the position group.

(See more…)

Print page
Bookmark the permalink.

Leave a Reply