Populate Group Privileges

Overview

The Group Privilege Populate process is launched from the Admin overview page by clicking the Populate Group Privileges link.

The process fills in the 'blanks' in the Group Table Privilege and Group Column Privilege tables for all existing security Groups. It will not overwrite anything and it is safe to run repeatedly.

The lower half of the window is used to determine how the permission tables will be populated. Each drop down contains three options:

Here is a more specific explanation of what a choice of undefined or deny will mean for each privilege:

Examples

Suppose a particular user is in five different security groups. Here are some scenarios looking at a particular table for a particular operation based on Group Table Privileges:

Here is another way to look at it: imagine that you need at least one point in order to perform an operation. You get one point for every Group you belong to that has Grant and zero points for Undefined. So as long as you have just one Grant, you can perform the operation. But, you get negative 1,000 points for any Deny. So a single Deny will wipe out all your Grants.

Moving onto Group Column Privileges, here are some scenarios: