Solved

Options for Process Group Permissions

  • 17 August 2023
  • 2 replies
  • 72 views

Badge

An area of our business is an independent auditor who audits our own organisation, as well as other similar organisations (competitors). Although we still need the staff in that ‘group’ to access HR, finance, IT and corporate processes, we do not want them accessing (e.g.) operations processes. Firstly, they may see something (accidentally or otherwise) that will make them focus attention during a future audit. Secondly, having access to those processes could undermine their position as an ‘independent’ auditor in the eyes of our competitors and leave us exposed.

Using the Process Group Permissions, it’s relatively simple to restrict viewing access to just those (@20 staff) within that group, but it looks like I will have to remove ALL STAFF from every other group in the organisation, then individually add the other @1200 staff to every group, making sure that I don’t include those who are in the auditing group.

Does anyone know of a better way to do this?

icon

Best answer by tonyajeank 23 August 2023, 19:27

View original

2 replies

Userlevel 3
Badge +8

Click “Select All”, then uncheck “All Staff”, it highlights all roles.

Then you can just uncheck “Auditor” role.

Userlevel 1
Badge +2

I didn’t want to have to add all roles to all groups because then I’d have to make sure I always add new roles to every group going forward, but I had a similar issue with using the All Staff role. 
   
So, I added all users (except the limited access users) to a “full access” role as well as their normal roles, removed All Staff from all groups, and added “full access” to all groups… then for limited access users, I put them in a limited access role that I add to only the groups they need to see.

   
When I first set it up, I used the export & import functions to load users to the new roles all at once. This may not be the best way to deal with it, but it limits access to groups as needed and also restrict minimode links to just authenticated users.
   

BTW, if you do remove “All Staff” from a group, integrated SharePoint search won’t return process links from that group, but that’s another story.

Reply