User Groups

Users can be grouped together for easier management. User grouping helps in carrying out operations in bulk on all the resources of the group. The resources added to PMP can be assigned to a user group.

To add user groups,

  • Go to "Admin >> Users" tab in the web interface
  • Click "User Groups" tab (alternatively, you can launch this page directly through the "User Groups" link in the "Links" tab)

In the Add User Group UI that opens,

  • Enter a name for the user group
  • Provide a description about the group being created. This would be helpful for future reference.
  • From the list of users, search & select the ones to be added to the group. Click the icon to search for specific users
  • Click "Save". The required group is created

What happens for a new user who gets added to an already existing group?

The new user will become part of that group and automatically inherit all the properties and permission levels of the group.

Importing User Groups from AD

You can import specific user groups and OUs from the active directory and retain the same user group structure in PMP. You can even choose to synchronize the user group structure in PMP with that of AD at periodic intervals. Refer to the section integrating active directory for more details.

Settings for User Groups

In order to achieve high level of security, PMP provides the option to configure the following settings for user groups:

Include passwords when resource details are exported to CSV format

When one exports PMP resources to a CSV file, by default, password of the accounts are included in plain text. In case, for security reasons, you wish not to allow the members of a user group to export passwords during resource import, you can do so from the group level setting:

  • Go to Links >> Groups >> User Groups tab
  • Click the icon "Settings" present against the required group
  • Uncheck the checkbox against the field "Include passwords when resource details are exported to CSV format"
  • Click "Save"

Allow to manage personal passwords

PMP provides personal password management feature as a value addition to individual users to manage their personal passwords such as credit card PIN numbers, bank accounts etc while using the software for enterprise password management. The personal password management belongs exclusively to the individual users. For security reasons, if you do not wish to allow personal password management for a group of PMP users, you can do so from the setting as explained below. Once you do this, the 'Personal' tab will not appear in the PMP GUI for all the members of that particular group.

  • Go to "Links >> Groups >> User Groups" tab
  • Click the icon "Settings" present against the required group
  • Uncheck the checkbox against the field "Allow to manage personal passwords"
  • Click "Save"

Allow to export personal passwords

PMP provides the option for users to export their personal passwords. For security reasons, if you do not wish to allow export of personal passwords for a group of PMP users, you can do so from the setting as explained below.

  • Go to Links >> Groups >> User Groups tab
  • Click the icon "Settings" present against the required group
  • Uncheck the checkbox against the field "Allow to export personal passwords"
  • Click "Save"

Permit group members to grant 'Manage Share' of their criteria-based resource groups to others

By default, 'Manage Share' for criteria-based resource groups is disabled. To enable it you need to carry out a configuration setting at the user group level.

The Reason

'Manage Share' for criteria-based resource groups is fraught with a risk of exploitation. There is a possibility that an administrator or password administrator could gain unauthorized manage permission for resources that are not allotted to them by intelligently creating a series of Resource Groups specifying certain matching criteria for the condition "Resource name contains".

How to Securely Enable it?

This can be enabled through a setting at the User Group level only. You need to do the following:

  • Create a user group containing the administrators / password administrators who are to be permitted to do 'Manage Share' for criteria-based resource groups. (Links >> Groups >> User Groups tab)
  • After creating the group, click the icon "Settings" present against that group
  • Select the checkbox against the field "Permit group members to grant 'Manage Share' of their criteria-based resource groups to others" and click "Save"

Once you carry out the above setting, the members of that particular user group will be permitted to do "Manage Share" of their criteria-based resource groups. Thus, administrators can decide who can use 'manage' share and track the events.

Managing User Groups

Editing a User Group - Adding new users to the group, deleting existing users from the group

You can edit an existing user group to add more users to the group or remove existing users. To edit a user group,

  • Go to Links >> Groups >> User Groups tab
  • Click the icon "Edit" present against the required group
  • All the users present in the system are listed in the GUI. The users who are already part of the group are shown selected (checkbox). If you want to add new users to the group, select the user. On the other hand, if you want to delete an existing user, uncheck the checkbox.
  • Click "Save"

Deleting User Group

You can delete an existing user group in PMP. When you do so, the group will no longer exist. The group level settings done for that group will no longer apply for the users who were members of that group. Deletion of user group will not have any impact on the resources stored in PMP. The resource shares done for the group will vanish.

To delete a user group,

  • Go to Links >> Groups >> User Groups tab
  • Click the icon "Delete" present against the required group

©2014, ZOHO Corp. All Rights Reserved.

Top