KB User's Guide - Users Tab - User Access Groups

This document describes how to set up and use User Access Groups.

Overview

KB group administrators can create custom subgroups of users, called User Access Groups, to further control access to documents owned by the group.

User Access Groups are most often associated with individual documents to restrict read and/or write access to the members of the group. This means that members of User Access Groups can access more documents (either in terms of viewing or editing) than non-members.

They can also be associated with a topic to give User Access Group members the "publish" permission on docs associated with that topic, even if those users do not have full publish permissions granted for their account.

All group settings, including membership, can be modified at any time.

TipLightbulb symbol

You can also create the dynamic equivalent of a User Access Group by creating a "doc-level" Group Authorization rule. This will populate a group based on user attributes, such as the campus unit they work for.

Creating a new User Access Group

  1. In the KB Admin Tools, navigate to the Users tab.

  2. Click on the User Access Groups link on the left navigation bar.

  3. In the Add a user access group table, enter a User Group Name and User Group Description (optional), then click the Add button.

  4. Find your new User Access Group and click the Members button.

  5. Select the "Member" check box for the users you would like added to the group. Once you have selected everyone who should be a member of the group, click Update.

Editing an existing User Access Group

  • To change a group name:

    1. Enter a new Group name in the Group Name field.
    2. Click the Update button at the bottom of the page.
  • To change a group's description:

    1. Enter the new description in the Group Description field.
    2. Click the Update button at the bottom of the page.
  • To add or remove members:

    1. Click the Members button for the appropriate Group.
    2. Check or uncheck a box to add or remove a member.
    3. Click the Update button to save changes.
    4. If refreshing, you may click Select All or Deselect All to make it easier to clear the list.
  • To deactivate or activate a group:

    1. Toggle the Active checkbox as checked or unchecked depending on whether you are activating the group (checked) or deactivating the group (unchecked).
    2. Click the Update button at the bottom of the page.
  • To delete a group:

    1. Click the Delete button to the right of the group. 
    2. Confirm your choice in the dialog window. Please note that deleting the group will remove any document restrictions the group had previously been controlling.

Applying User Access Groups

User Access Groups can be associated with documents to restrict write and read access, or to topics to grant conditional publish rights.

Restricting write access

You will find your active User Access Groups listed in the Write access section of the document edit screen, typically collapsed under the "Show all write access" toggle. Checking one or more groups will limit the number of people who can edit the doc, though the exact population of authorized editors will also depend on which standard write access option you have chosen for the doc.

If "Owner" or "Owner group admins" is selected, then checking a User Access Group will add those members as editors. If "Owner group" is selected, then checking a User Access Group will reduce the number of editors to just the members of the User Access Group (as well as the owner, who always retains write access).

For example, in the image below, the "Owner group admins" have permission to edit this document, as do the members of the "KB Team" User Access Group. This means that everyone who is defined as a group admin can edit the document as well as the "KB Team" group members.

The write access section of the document, with the owner group admins radio button selected and the KB Team user access group box checked.

Note: Other groups populated from Group Authorization rules may also appear in the write access section. See KB User's Guide - Users Tab - Group Authorization for more information. You can hover your mouse over a group to see a tooltip that will either display a list of members (if it is a User Access Group) or the criteria for the rule (if it is from a Group Authorization rule). 

Authors who do not have write access to a document will see the following, depending on whether they have the publish rights in your group space:

  • If they do not have publish rights, they will be unable to access the edit screen for that document. The "Edit" button for the document will appear to be disabled, and attempting to access the edit screen directly will result in an error message.

  • If they do have publish rights, they will be able to access the edit screen, but all of the text fields will be grayed out. They will still be able to edit most of the settings below the document, such as topics and site access. They will not be able to save changes to the write access setting, i.e. they cannot grant themselves access this way.

Restricting read access

You will find your active User Access Groups listed in the Read access section of the document edit screen, typically collapsed under the "Show all read access" toggle. Checking one or more groups will limit the number of people who can view the doc, both in the KB Admin Tools environment and your internal site. Please note that the owner of the document always retains read access.

Authors who do not have read access to a document will see the following, depending on whether they have the publish rights in your group space:

  • If they do not have publish rights, they will be unable to view the document or access the edit screen for that document. The document title will not display as a link, and the "Edit" button for the document will appear to be disabled. Attempting to access the document or edit screen directly will result in an error message.

  • If they do have publish rights, they will be able to access the edit screen, but all of the text fields will be grayed out, and the text will be replaced with a line stating that they do not have read access. They will still be able to edit most of the settings below the document, such as topics and site access. They will not be able to save changes to the read access setting, i.e. they cannot grant themselves access this way.

Note: Other groups populated from Group Authorization rules may also appear in the write access section. See KB User's Guide - Users Tab - Group Authorization for more information. You can hover your mouse over a group to see a tooltip that will either display a list of members (if it is a User Access Group) or the criteria for the rule (if it is from a Group Authorization rule). 

Granting publish rights based on topics

You can associate a User Access Group with a topic in your topics tree with the Admin group topic setting. For more information about topics, please see KB User's Guide - Topics Tab - Adding, Editing, and Deleting Topics.

The admin group dropdown is the fifth field in the topic settings, which are access under the topics tab by clicking on the appropriate topic level in the secondary navigation.

When any member of the selected User Access Group edits a document with that topic assigned to it, they will have the ability to publish (aka activate) the document, even if their user account does not have the "Publish" permission checked.

This is useful for cases where you want to allow an author to publish documents that are specifically related to their area of expertise.



Keywords:
kb knowledge base user guide users access groups add create new list readaccess writeaccess view document restrictions controls visible visibility hide internal members select deselect update reset save as .csv .CSV 
Doc ID:
6691
Owned by:
Leah S. in KB User's Guide
Created:
2007-11-08
Updated:
2024-10-01
Sites:
KB User's Guide