Overview
BETA FEATURE
Those taking part in our beta program have functionality documented here. As an initial milestone in a larger initiative to re-imagine role-based access control in ZenGRC, we're releasing this initial beta feature that allows administrators to maintain more granular control over individual object permissions by creating user groups that can be assigned to specific objects.
This functionality allows administrators to create user groups, which can then be assigned to objects. All users in the group have full read, write, and delete control of the object regardless of their respective global role.
However, while users in the group have administrative control over the specific object to which their group has been added, their ability to see other objects mapped to that assigned item depends on their global roles.
NOTE
For additional information on user permissions, please see Role-Based Permissions and Role-Based Permissions for Risk.
Creating Groups
To create or modify a group, complete the following:
- Click Settings | Groups.
- Click Actions | New Group.
- Add a descriptive title so it can be differentiated from other groups or users.
- Select one or more users in the People drop-down.
- Click Save. This group may now be selected on individual objects as described in the next documentation section.
- Alternatively, click Cancel to close the dialog box without saving.
Assigning Groups to Items
At present, groups can be assigned only to objects that have an Owner field. To allow a group or groups to have access to an item, complete the following steps:
- Open the item from the System of Record or a module's home page.
- Click to edit the Owner field.
- Select the group in the drop-down.
- Click Save.