To streamline user administration, you can organize users into hierarchical groups. You can create as many groups as you need. For example, you can create separate groups for each department, and further groups for each team within the department.
Note: You can only move groups if the Allow Groups to be Moved machine policy setting is enabled.
To move users or groups from one group to another
.
or group 
onto the new parent group.
Or right-click a user or group and choose Move Item.
Note: You can view a user's group history by clicking the Group History button on the Details tab of the User Properties dialog.
Important! You need to be aware of the following:
Although users and groups normally retain any customized policy settings or attributes when they are moved to a new parent group, it is possible that these will be overwritten if the corresponding settings or attributes inherited from the new parent group are already enforced (for example, 
or 
). To avoid such unintended changes, you can configure the Administration console to display a warning before you confirm a move.
If a group (and therefore its users) is moved from one parent group to another, the events associated with those users are also ‘moved’. Reviewers with rights to the first group lose access to those events, but reviewers with rights to the second group gain access to those events.
This means that reviewers in the second group can view events associated with users that were not in their management group at the time the event was captured.
If this is likely to cause a problem, we recommend you leave the Allow Groups to be Moved policy setting at its default setting of False and move users between groups by creating new target groups and moving users as required. This reduces the row level security risk.
|
Copyright © 2014 CA.
All rights reserved.
|
|