Global Groups are a legacy feature that are not recommended to use in the latest version. They have been kept for backwards compatibility, but can cause a severe impact on performance due to the way they process information on the back end. Below, you will find a suggestion for a replacement.
Global Groups are simply groups that have permissions on all Systems. This can easily be achieved using a custom group and access policy.
1. Create a user group for the "Global" permission you wish to assign (ISA, Requestor, Approver etc.)
2. Assign your users to this new group.
3. Create a new Collection for the Systems for which this permission will be applied.
4. Assign the required Systems (or all Systems) to this Collection.
5. Assign an Access Policy to the Group for this Collection and this permission will be inherited down to all users and systems in question.
Here is an example:
New user Group: Global ISA
New Collection: My Systems
I will then assign all users who need ISA to the Global ISA group.
Then I assign the systems that I've chosen to the My Systems Collection.
I will then assign the ISA Access Policy so that the user group has the correct permission. This can be done from the point of view of the Collection or the Group.
Please refer to the Administration Guide for more detailed information on creating Groups and Collections and assigning Access Policies. Download here:
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center