Setting up and using group-to-group permissions

State of knowledge

December 2024
ProCall DataCenter from 2410.0

Assigning group-to-group authorizations

Previously, it was only possible to assign rights within a group. The new function makes it possible to assign rights between users in different groups. This can be done both unidirectionally and bidirectionally. For example, members of the "IT" group can be granted permission to view all information of all users in other groups, but only "public" information the other way round.

The permissions can be assigned via the group's properties dialog under the "Cross-group permissions" tab.

Example screenshot: UCServer DataCenter Administration - Global settings - User administration - Groups - Cross-group permissions - Permission level

A group that is to receive rights to the group can be added via the "Add" button (1).

Example screenshot: Settings for group - Authorization towards other groups - Add

The authorization levelcan be set via the selection field (2).

The permissions assigned are listed in the permissions dialog (3).

Please note that these are assigned rights, i.e. the respective added group has access to the group members of the group of the open settings dialog.

Check assignment of rights

As the assignment of rights can be very complex under certain circumstances, it is possible to evaluate and check the rights settings.

Example screenshot Groups - Group name - Right-click on group - Call up group permissions

Group authorizations

Right-click on the group to call up the function "Group permissions...".

In the dialog that now appears, both the "received" (1) and the "assigned" (2) rights are evaluated.

Example screenshot: Group permissions - Group - Received permissions tab and Assigned permissions tab

The group displayed under (3) indicates the groups for which the rights are evaluated.
It can be changed via the "..." menu.
The other group is displayed under (4), with the option to switch to the "cross-group permissions" dialog for the respective group.

Origin of rights - global or by group

The other two columns show the origin of the rights, i.e. whether they are "Global" (5) or rights received/assigned at "Group" level (6). The "..." menu allows you to view the rights in detail and to edit the rights directly.

Special features when using a schema extension

When using a schema extension for user administration via Microsoft Active Directory, please ensure that version 8 or higher of the schema extension is used.

The group-to-group authorization is applied dynamically (like the previous rights) and does not require a restart of the server or the clients.

It is also applied automatically if the user's group membership changes.

Like all rights in ProCall, the group-to-group authorizations have an additive effect.

If the schema extension is available in an older version, the Group-to-group authorization dialog is only visible read-only and you receive a message that the AD schema extensionis not compatible .

To update the AD schema extension to the latest version, please run the "Active Directory Schema Setup" , which you can obtain with the "UCServer Tools for Active Directory".