Person Group Properties
For information on a person group, see:Personal characteristics
Name
The name of the person group can comprise letters, figures and/or special characters.
E.g.: HR Department
Description
This text field is free and optional.
Application access
Authentication Group
A person can belong to:
• a static group
Persons are explicitly connected to the group.
• a dynamic group
The group computes the persons of the group on the fly.
E.g.: SSO type groups (SSO authentication case) are characterized by claims.
Default connection group
When the Default connection group attribute is selected, any person who has not a direct link with a specific group but with the "Belongs to a person group" attribute selected, belongs to the default connection group.
Use of this attribute in read-only mode is recommended.Login
The login of a person group is a unique character string uniquely identifying the person group. It enables to make the group inactive.
A person belonging to a group connects to the application with his/her own login.It is defined by the following parameters:
• User Code
• Command Line
• Status (Login)
• Authentication Mode (case of authentication managed within HOPEX)
Data access
Data Language
The Data language attribute of the person group is used to define a specific data language for this user group.
By default, the data language is defined at installation in the environment options for all users (Options>Installation>Languages) with the Data language option.Person group writing access area and writing access area at creation
Writing access management is available only with the HOPEX Power Supervisor technical module. A writing access area is a tag attached to an object to protect it from unwanted modifications. At creation, an object takes the writing access area of the group to which the user creating it belongs.
There is a hierarchical link between writing access areas: a user can only modify an object when he/she has the same writing access level as this object or a higher writing access area level.
Person group reading access area and reading access area at creation
Information related to the reading access area is only visible when the Activate reading access diagram option is selected in the Environment Options (Compatibility > Windows Front-End > Administration).Certain objects or modeling projects may be confidential or contain data (costs, risks, controls) that should be visible only to authorized users.
The HOPEX administrator can hide objects corresponding to this confidential data.
To implement a data confidentiality policy, objects must be organized in distinct sets. Each set of objects constitutes a reading access area.
Each person group is associated with a reading access area that determines the objects the person group can see. A user can only see objects located in the reading access area of the group or in the lower reading access areas.
Persons
A person group is defined by a list of persons belonging to the same group.
Profile assignments
To be able to connect to HOPEX the user must have at least one profile. By default, no profile is assigned to the person group; you must assign at least one profile to the person group.
The profile determines the following for the person group:
• the desktops accessible
• access to repositories
• the products accessible
• the objects and tools accessible
See Profile Description.The profile assignment defines:
• the repository concerned by the assignment
• the access rights to the repositories with this profile assignment
• (optional) the validity period of the assignment