Atom
Queries & Search

Group Access

What access comes from principal group membership.

Principal groups are who-containers. A role assigned to a principal group is inherited by its members.

Group access asks:

What will members receive through this principal group?

Useful results should show:

  • group members;
  • roles assigned to the group;
  • permission blocks inside those roles;
  • effective actions;
  • object group or object boundaries;
  • deny rules that apply through the group.

Use this view before adding a user, service, or device to a principal group.

Previous

Role Holders

Next

Effective Actions