This topic describes what to do to prepare for planning user groups.
The first step in the planning process, deciding your security strategy,
is like setting company policy. Now you are ready to plan for groups of users,
which is like deciding department policy.
What is a user group? A user group is exactly what
its name implies: a group of people who need to use the same applications
in the same way. Typically, a user group consists of people who work in the
same department and have similar job responsibilities. You define a user group
by creating a group profile.
What does a group profile do? A group profile serves
two purposes on the system:
- Security tool: A group profile provides a simple
way to organize who can use certain objects on your system (object authorities).
You can define object authorities for an entire group rather than for each
individual member of the group.
- Customizing tool: You can use a group profile as
a pattern for creating individual user profiles. Most people who are part
of the same group have the same customizing needs, such as the initial menu
and the default printer. You can define these in the group profile and copy
them to the individual user profiles.
Group profiles make it easier for you to maintain a simple, consistent
scheme for both security and customizing.
What forms do you need?
- Complete a user group ID worksheet to identify the groups of users on
your system that have similar application needs.
- Complete a user group description for each group that uses
your system.
To complete these forms, you will need to perform the following tasks:
- Identify user groups
- Plan group profiles
- Choose values that affect sign on
- Choose values that limit what a user can do
- Choose values that set up the user's environment
Identifying user groups
When you plan your user
groups, you must first identify groups of users on your system. This allows
you to plan accesses to resources that these groups need. Try using a simple
method to identify your user groups. Think about the departments or work groups
who plan to use the system. Look at the application diagram you drew earlier
of your applications. See if a natural relationship exists between work groups
and applications:
- Can you identify a primary application for each work group?
- Do you know which applications each group needs? Which applications they
do not need?
- Do you know which group should own the information in each application
library?
If you can answer ″Yes″ to those questions, then you can begin
to plan your user groups. However, if you answered ″sometimes″ or ″maybe″,
then you might find it helpful to use a systematic approach to identify your
user groups.
Note: Making users a member of only one group profile simplifies
your security management. However, some situations can benefit from having
users belong to more than one group profile. Having users belong to more than
one group profile is usually easier to manage than giving many private authorities
to individual user profiles.
Decide what your user groups should
be. Fill in the User Group Identification form, if you need it to help you
decide. After you add your users to the User Group Identification form, you
can plan a group profile.
Example: Identifying user groups
In this example,
different groups need the Pricing and Contract application:
- The Sales and Marketing department sets prices and creating customer contracts.
They own the pricing and contract information.
- The customer order department changes contract information indirectly.
When they process orders, the quantities on the contract change. They need
to change pricing and contract information.
- The order processing people need to look at the credit limit information
to plan their work, but they are not allowed to change it. They need to view
the credit limit file.
Table 1. Example: User Group Identification
Form| User Group Identification
Form |
|---|
| |
Access Needed for Applications |
| User Name |
Department |
APP: A |
APP: B |
APP: C |
APP: D |
| Ken H. |
Order processing |
O |
C |
C |
C |
| Karen R. |
Order processing |
O |
C |
C |
C |
| Kris T. |
Accounting |
V |
|
V |
O |
| Sandy J. |
Accounting |
V |
C |
V |
O |
| Peter D. |
Accounting |
C |
|
V |
O |
| Ray W. |
Warehouse |
V |
O |
V |
|
| Rose Q. |
Warehouse |
V |
O |
V |
|
| Roger T. |
Sales and marketing |
C |
C |
O |
C |
| Sharon J. |
Management |
C |
C |
C |
C |
Note: - Use a V (view) if someone only needs to look at
the information in the application.
- Use a C (change) if someone needs to make changes
to the information.
- Use an O (owner) if someone has primary responsibility
for the information.
|