Enabling security limitations against users within Controller should be an essential step of your user setup process #
By default new users are enabled within Controller without limitation. To ensure users can’t access content they shouldn’t, you will need to assign a security group restriction.
User security updates are very easy to complete. You can assign limitations either against their individual User account or the User Group they are attached to.
Where the User is assigned to a User Group structure, the common approach is to view User Group configuration similar to defining the Company structure. This groups user profiles according to how the group reports its numbers. In doing so, the need to maintain security limitations often creates different access needs within the same subgroup. This in turn forces security configuration onto an individual User account level. If you have a relatively small user base, say 30-50 users, the work volume is relatively low. If you have a larger user base, this can become problematic, particularly when you need to make edits.
We recommend an alternative approach, that you view security configuration, not by the Group’s operating structure, but by its user roles.
- Who are the users responsible for loading data?
- Who reviews the data?
- Which users need global access? Etc.
By grouping users in this way, you will identify a small number of user roles for which different Menu (or system access) roles can be created. These new security groups are assigned to different User Groups and form the base skeleton for User Security Management. This structure is expanded by additional User Groups being attached, which you can restrict by the Company field according to operational needs. All User accounts are then sat within these sub User Groups, effectively restricting them by both Menu and Company fields, but without the need for maintenance on their individual user account level. Thus, the identification and edit of security settings can all apply on the User Group level, not individual User accounts. The result should be a far more efficient experience to user security management.
This article ignores the many other options for user security management such as by Forms, Import Specs, Extended Dimensions, etc. The majority of Controller customers focus their security configuration on the Menu and Company dimensions. You can of course utilise these additional fields by applying the same principles and logic as outlined here by rationalising what you want to secure via a security group restriction, then considering how this could be most efficiently managed within the security User Group structure.