Technical Blog Post
TRIRIGA Security Group planning and troubleshooting
In TRIRIGA, we provide some out of the box security groups for certain roles to use. However, some clients may want further define roles by geographies and organizations. Or further restrict access. Or whatever they have in mind. When you have a user that is in 1 security group and you have an issue with access, it is easy to find. Even with maybe 2 or 3 groups. But if you start adding security groups to a user, you may want to re-consider your security group design. You have to also remember, if any security group you add to a person has higher access than other security groups, the high access will prevail. Settings for geographies and organizations can impact what records are seen, so if you start adding a lot of groups, you need to make sure that the geographies and organizations all jive for what you are looking to accomplish. You need to keep track of it all your security groups and what they have access to and it can be a daunting task.
The more security groups you add to create a user’s security profile, the more time consuming it is to trouble shoot. If you have more than 1 security group and you find you have what you think is a security related issue, you should first create a single group with the access and add a 1 user. Then log in and see if you see the appropriate access. If you do, you just proved the access works so there might an issue with one of the groups added to the user. You can also use the Access Summary subtab of the Access tab, to help identify what access has been granted. The Access Summary sub tab only shows the access that has been granted.
The key is really to try to keep the number of security groups to a minimum if you can. It will help make it easier when making changes to access as well as any potential troubleshooting you may need to do.