Person Group Properties

The name of the person group can comprise letters, figures and/or special characters.

User group writing access area and writing access area at creation

Writing access management is available only with the MEGA Supervisor technical module.

A writing access area is a tag attached to an object to protect it from unwanted modifications. At creation, an object takes the writing access area of the user that creates it.

There is a hierarchical link between writing access areas: a user can only modify an object when he/she has the same writing access level as this object or a higher writing access area level.

Information related to the reading access area is only visible when the Activate reading access diagram is selected in the Options of the Repository of the environment.

Certain objects or modeling projects may be confidential or contain data (costs, risks, controls) that should be visible only to authorized users.

The MEGA administrator can hide objects corresponding to this confidential data.

To implement a data confidentiality policy, objects must be organized in distinct sets. Each set of objects is a reading access areas.

Each person group is associated with a reading access area that determines the objects the person group can see. A user can only see objects located in his/her own or lower reading access areas.

The login of a person group is a unique character string uniquely identifying the person group. It enables definition of the connection characteristics of persons belonging to the group.

The user that belongs to the group connects with his/her own login, but with repository access rights defined on the login of the group.

A person belonging to a group connects to the application with his/her own login.

When the Default connection group attribute is selected, any person who has not a direct link with a specific group but with the "Belongs to a person group" attribute selected, belongs to the default connection group.

Use of this attribute in read-only mode is recommended.

By default, at installation "Guests" is the default connection group.

A person can belong to:

Persons are explicitly connected to the group.

The group computes group persons on the fly.

• LDAP groups (case of LDAP authentication)

• groups connected to a macro (the macro checks if the person belongs to the group or not)

An LDAP group is an organization within a directory. It is often characterized by type OU.

Example: the LDAP Quality group has the unique identifier (Distinguished Name):

OU=Quality,OU=UNIVERSITE,OU=FRANCE,DC=fr,DC=mega,DC=com

All persons belonging to this organization belong to the LDAP group.

LDAP groups represent a list of persons distributed by organization. Users belonging to an LDAP group use configuration available on the group:

The LDAP group defines a group or organization in the LDAP directory or Active Directory. It contains a list of users authorized to connect to the application concerned with the group configuration.

Dynamic group connected to a macro

The implemented macro calculates a list of persons connected to the person group. Persons resulting from the macro use the configuration defined on the person group, notably access to roles.

The macro should implement the following function:

Function IsUserExists (oPersonGroup, sUserName as String) as Boolean

sUserName: authentication login of the person.

oPersonGroup: person group object executing the query.

The function returns TRUE if the person belongs to the group, FALSE if not.

The Data language attribute of the person group is used to define a specific data language for this user group.

By default, the data language is defined in the environment options for all users at installation (Options/Installation/Web application) via the Data language option.