As of Syntasa 5.2, it is possible to create user groups to collect users that belong to a team or are collaborating on a project. The creation of user groups enables owners of apps and resources, e.g. connections, stores, runtimes, to choose what group(s) have access to the app and/or resource.
Whether it be to officially separate work into teams or want to create a new app in isolation before showing off to the rest of the users, the group and sharing functionality enables sysadmins and users to organize users and choose the visibility setting of each app and resource to be private, public, or restricted to certain group(s) to their liking.
This article reviews the following:
- Creating user groups
- Assigning users to group(s)
- Choosing the sharing option
- Direct/Indirect access to resources
Creating user groups
The creation of a new user group can be for an organization team, cross-organization project team, or any logical grouping of users that may want/need access to the same app or resource.
When designing and deciding the number of and what user groups you may need, keep the following in mind:
- User groups are used when selecting the group share option on an app or resource. There are also options for public and private. If not needing the group option then no user groups need to be created.
- When creating user groups keep in mind that a single user can belong to multiple groups. This may affect the decision on the design and number of user groups.
Creating user groups is available to a system administrator via the Group Management screen found within the Security menu.
Assigning users to group(s)
The system administrator has the ability to assign users to groups or a user to groups in two manners, both available from the Security menu.
Users to a group
From within Group Management users can be added and/or removed from a group at the same time. As users are added to a group, the view also displays the user's current, other groups that they are members.
Groups to a user
From within User Management groups can be added and/or removed from a user at the same time. The view displays all user groups with an indication if they are a member or not of each.
Choosing the sharing option
When creating a new app or resource, the sharing option selection will be available to make the component available as Private, Public, or Group. Regardless of the selection, a user with the role of System Admin will always have access to all apps and resources.
The sharing option selected at the time of creating the component can be changed by the owner or a system administrator. The owner of the app or resource is by default the user that is creating the component. This can be changed, if needed, by the owner or the system administrator, after the component is created.
When editing a component, the owner and sharing option is visible and can be changed by the owner or system administrator. For other users, when editing a component, the sharing option and owner settings are hidden.
Private - Private can be set by the owner (or the system administrator) to limit access to the component only to the owner. System administrators can also access components set to private.
Public - Public is the default setting and is the behavior of all components before Syntasa 5.2, i.e. before the sharing functionality was available, as all users have access to the component (except apps that are in a module, Synthesizer, Composer, Orchestrator, and the user's role is such that they do not have access to that module).
Group - Group can be set by the owner (or the system administrator) to limit the access to the component to the user group(s) assigned to the component. As with private, the system administrator can view components with the sharing option set to group regardless if they are a member of the group.
Direct/Indirect access to resources
Direct access to a resource, e.g. connection, event store, runtime, etc., is when a user is the owner of the resource, the owner of the resource is a different user and it has been shared publicly, or the owner of the resource is a different user and it has been shared with one of the user's groups.
When a user has direct access to a resource they can see the resource in the dedicated menu/screen and can use the resource while building or editing any apps that they have access to.
When using the public or group sharing options for an app, the entire app including its resources is shared with all users or users assigned to the selected groups. An app is made up of various types of resources, e.g. connection, event store, etc. When these resources have more restrictive sharing options than the app itself, i.e. a user sees a resource in an app that they do not have direct access to, this is referred to as indirect access to the resource.
For example, a connection may be set with a sharing option of private by user Jane. Jane may create an app ABC that uses the private connection and then share the app ABC publicly. A different user, Jack, will not see the connection from the connection screen, but within app ABC will see the private connection.