User Groups
Leverage user groups to automatically assign permissions to multiple users.
Overview
User groups allow you to quickly assign permissions to a large population of users. To define the group's membership, you simply create and apply a filter based on shared employee attributes. For example, you can create a user group for managers.
User groups provide dynamic management of users because employee information in the solution is updated regularly through data loads. If a user becomes a manager or moves out of management their data access will automatically change.
Note:
- You can manually add or exclude specific users from a user group.
- This feature is also available through Visier's public APIs. For more information, see Users API.
User groups are required for single sign-on (SSO) based auto-provisioning of users. For more information, see Auto Provisioning Users.
To create and manage user groups in a project, on the navigation bar, click Security > User Groups. For more information, see Create a User Group.
Can users belong to multiple user groups?
Users can belong to multiple user groups. Because user permissions are additive, users will get additional data access for each user group they belong to.
Example:
You create the following user groups for:
- Managers that provide sensitive access to their team.
- Everyone in a particular region that provides base demographic data access for the whole organization.
A user who is a member of both groups will get access to base demographics and sensitive data for their team as well as base demographics for the whole organization.
When should I use user groups?
User groups are ideal for managing access for user populations that change frequently and have very straightforward access requirements. For example, managers and HR Business Partners who are provided base level demographics to all users.
More security around data access management
Note: Limited Availability This feature is in limited availability. If you are interested, please contact your
Visier has also implemented additional safeguards that further limit who can manage permissions, change user groups, and preview as other users. We recommend that you turn on this feature to ensure administrators cannot access additional data or give themselves a higher access level than they have been assigned.
If this feature is enabled, administrators will need the Super Admin permission or the Access To All Data profile additional capability to perform the following actions:
- Assign permissions.
- Create and edit permissions.
- Create and edit user groups.
- Create and edit data access sets.
- Create and edit security filters.
- Preview the solution as a user.
In this section