When working with Windows Security your users and potential user groups have already been created as part of the domain. (Please refer to the appendix for further explanation on creating users and groups in the Active Directory).
Best Practice
We strongly recommend working with Windows Security, where possible.
Best practice would then be to create a number of Active Directory (AD) Groups e.g. “TARGIT Designer Users”, “TARGIT Consumer Users”, “TARGIT Norway Sales Office”, “TARGIT Sweden Sales Office” etc. These AD groups will then be added to TARGIT Management with appropriate Rights and Roles.
Example:
Active Directory Group |
Purpose |
TARGIT Designer Users |
Members of this group should be given “Designer User” Rights. No limitations with regard to Roles (data). |
TARGIT Consumer User |
Members of this group should be given “Consumer User” Rights. No limitations with regard to Roles (data). |
TARGIT Norway Sales Office |
Members of this group should be limited to see Norway data only through a Role with a Forced Norway criterion. No limitations with regard to Rights. |
TARGIT Sweden Sales Office |
Members of this group should be limited to see Sweden data only through a Role with a Forced Sweden criterion. No limitations with regard to Rights. |
From the example above, by adding an individual person to multiple AD groups, you can create e.g. a Designer user with access to Norway data only.
Once these AD groups have been created and added to their appropriate TARGIT Rights and Roles, they will require only a minimum of administration. Your job, as an Administrator, will then mainly focus on adding, moving or removing individual persons from the AD groups only.
Comments
Please sign in to leave a comment.