Users - Groups

Description

Groups are used to organize all users in Cyclos. Users can be organized in groups and groups can be organized in groupsets. Products can be added to a member group and in this way the admin can control which permissions the members of this group have. Also a configuration can be assigned to a group, determining how Cyclos looks, feels and behaves for member from this group. The permissions of the admin groups can be set in the group itself, but it is possible to add 'admin products' for system with many admin groups that have shared permissions.

Business rules

Every user in Cyclos must belong to a certain group.
Groups can belong to a groupset, but this is not obliged.
There are three types of groups: member, broker and administrator groups (the two special administrator groups are explained below).
Only one configuration can be assigned to a group.
The administrator's permissions can be set in the group directly. Technically only one product is assigned to administrators and this product is unique for this group. However, it is possible to create admin groups (only required for systems with many admin groups that have shared permissions).
A group's groupset can only be unassigned from the group if the group set has no products directly connected to it.
Rules for group change are described on the user's page.

Network Administrator

When a new network is created, this group will automatically be created for this network. This group always has the permissions listed below. In this way there is always a group that can configure the system and the control of the network system cannot be lost by deleting products.

Global Administrator

This is also a build-in group for Cyclos. This group (accessible in global mode) has the permission to create new networks. When switched between a network admins of a global group will inherit the permissions from the network administrator group.

Disabling groups

Groups have a property "enabled", which can be set to false or true, when set to true the group is enabled, when set to false the group is disabled.
In most cases a group is disabled, because you want to hide it and cannot delete it.
Groups can only be disabled if it does not contain any members.
Disabled groups are never shown in the list, except when explicitly requested via the search options of a group filter.
When a group is disabled, the following actions are taken:
- The group is removed from the accessibleBasicGroups property of any user group. It is kept in the accessibleBasicGroups property of admin groups, because admins must be able to view this group.
- The group is removed from any configuration, that is:
  - Remove it from possibleInitialGroups
  - Remove it from visibleGroups
- The group is removed from possibleInitialGroups of BrokerProducts.

Deleting groups

Only groups can be deleted that do not have any members.
Only groups can be deleted that never had a member in it (when the group history log is empty).

Deleting groupsets

Groupsets cannot be disabled, they don't have an enabled property like groups do.
Groupsets can only be deleted when it has not groups under it anymore:
- This means that an admin who wishes to delete a groupset, must first go by all the groups in the groupset to set the groupset property of these groups to some other groupset, or to null.
- In this way no members can be deleted.

Pages

Search & details

Search page (filters)

Fields	Type	Rules
Group name	Text	Allows the admin to search groups by there name.
Type	Single selection	The possible options are: Group set Administrators group Broker group Member group
Group set	Single selection	Allows filtering the search group sets. Shows all group sets and the default value "All". Should be hidden if type is "Administrators group" or "Group set".
Show disabled groups	Boolean	When this checkbox is selected also the disabled groups are shown in the list. Not selected by default. Should be hidden if type is "Group set".
New	Multi action button	Opens a details page for inserting a new group or groupset. Has the options for group type: Group set Administrators group Broker group Member group
Search	Action button	Executes the search, shows all groups with the selected filters All groups are sorted by: type (admins first) Alphabetically ordered in hierarchy branch

Search result (list *)

* When disabled groups are selected to be shown in the search filter, the disabled groups are shown striped trough in the search results list.

Fields	Type	Rules
Group	Text (read only)	The name of the group. The name is 'striped through' if the group is disabled. The name has an arrow icon displayed before it when the group belongs to a groupset which is displayed above it.
Type	Text (read only)	The group type (Administrators group, Group set, Broker group, or Member group).
Remove	Trash bin icon	Will remove the group (see business rules in section above)

Details page

Fields	Type	Rules
All groups fields
Name	Text	The name of the group. Required.
Internal name	Text	Not required but recommended. For cyclos scripting it is better to use the internal name instead of the group name (so that the group name can be changed if necessary)
Description	Text area	The description of the group. Max. length: 2000 characters.
Configurations	Single selection / Link	The configuration of the group: This will show the complete configuration tree (path) applied to this group. Selecting the 'View' link will open the Configuration tab that will show the details of the applied (combined) configuration.
Products	Link	The products assigned to the group. Not visible for "Admin group" type. Only visible after the group is created (when editing the group). A list of products assigned to the group is shown, sorted by the level "Group set" and "Group". In the format: Group set: <product 1>, <product 2>, <etc>. Group: <product 3>, <product 4>, <etc>. If there are no products in one of these levels, the line is not shown. Selecting the 'View' link will open the Products tab which shows the details of the applied (combined) configuration.
Member, Broker and Administrator group fields
Enabled	Boolean	Allows the administrators to disable the group. Checked by default; Can only be disabled if the group has no members, see business rules above.
Type	Text (read only)	Defined at group creation (multi action button) and can thus not be changed. The roles are determined by the product the group has: For "Administrators group", only shared administrator products can be added and thus have always the role admin. For "Member group", only member products can be added. For "Broker group", member and broker products can be added.
Member and Broker group fields
Group set	Single selection / read only text	Here you can select the Group Set the group is part of. Only visible for type "Member group" or "Broker group". A new GroupSet can be assigned to a group if (and only if) one of the following conditions applies: No GroupSet is assigned yet to the group. The existing GroupSet which is assigned to the group has no products directly assigned to itself. If a new groupset can be assigned, it is shown in a single selection field. Otherwise read only text is shown.
Inherits group set configuration	Boolean	If selected the group will receive the group set configuration from the group set. So if the configuration of the group set changes it will be applied automatically to the group that has this setting enabled. Only visible if "Group set" has a value
Move users automatically	Boolean	Enables the option to move users automatically to another group after they have been registered in this group for a certain period of time.
Move users to group	Single select	The group where the user are moved into. Only visible if "Move users automatically" is true. Required when visible. Shows all user groups.
Move users after	Time interval	Determines the period after the registration when user are moved to another group. Only visible if "Move users automatically" is true. Required when visible. The amount must be between 1 and 9999 days, weeks or months.
Global restricted administrator group fields
Manage networks	Multi selection	Gives the admin the permission to manage specific networks
Can register networks	Boolean	Gives the admin the permission to create new networks (and manage them)
Possible configurations for new networks	Multi select	Shows configurations the global admins can extend when creating a new network. Only visible if 'Can register networks' is true. Is required
Maximum managed networks	Integer	The maximum amount of networks that can be managed by users of this group
Registration settings section Only visible for groups with type "Member group", "Broker group" or "Administrators group".
Initial user status	Single selection	Status for newly registered users under this group. Only affects new users - existing users moved to this group won't be affected. Is required. Available options: Active, Blocked and Disabled.
Name in registration	Text	When this group is used for public registration (set in the configuration) this name will be shown at the page the client can decide which group to register for. Max length: 100 characters.
Description in registration	Text area	When this group is used for public registration (set in the configuration) this description will be shown at the page the client can decide which group to register for. Max length: 4000 characters.

Products (tab *)

* Not visible for Administrators group

Assigned Products

Fields	Type	Rules
Assign group/group set product	Multi action button	Adds a new product to the group / group set (depending the subject of the page). If the current group is a member group, show all Member products that are not added already If the current group is a broker group or group set, show all Member and Broker products that are not added already Only visible if the admin has the User configuration - Manage. If there is only one available product to add, show the product name at the button label: Add product: <product name>
History	Action button	Show the history of the group changes
Group products Only shown if subject is a "Member group" or "Broker group"
Product assigned to group	Text	List with products assigned to the group
Type	Text	Show product type
User account	Text	Show user account (configured in the product)
Delete	Icon button	Delete group Only visible if the subject is a "Member group" or "Broker group".
Group set products
Product assigned to group set	Text	Name of product assigned to group set
Type	Text	Product type
Remove	Icon	Remove group set Only visible if the subject is "Group set"

Active products search (filters)

Only visible if one or more assigned products are applied on specific channels and / or user identification methods

Fields	Type	Rules
Channel	Single selection	Select channel Possible options: all available Channels
Identification method	Single selection	Select Identification method Possible options: all available Identification methods
In the member and broker groups the combined product is shown at the bottom of the Products tab. For admin groups the only the current group permissions are shown and for the combined permissions there is a dedicated button (View combined permissions). This button will open page will show the combined product of all the products assigned to admin group Admin groups only See User-Products page

Permissions (tab)

Administrators groups do not require products to be assigned (although it is possible). The permissions of the admin group can be found directly in the group under the 'permissions' tab.
Only visible for "Administrators group", but not for Global groups
See Users_-_Products#Page:_Administrator_product_details.

Action panel

Fields	Type	Rules
Assign shared product	Multi action button	For systems with many admin groups that share permissions it is good practice to create a admin product (containing the shared permissions). Only visible if exist Administrator products in network which are not already assigned Possible actions: Select to assign a shared admin product
View combined permissions	Action button	Show all permissions in one page Only visible if the group has one or more shared administrator products assigned
History	Action button	Show the product change history Only visible if exist Administrator products in network

Shared admin product assigned

Show result if the group has shared administrator products assigned, else show the message "No shared products assigned"
Only visible if exist Administrator products in network

Fields	Type	Rules
Shared product	Text	Shared product name Clicking the row will show the product details page
Trash bin / remove	Clickable icon	Will remove the shared product from the group

Own permissions (admin)

Fields	Type	Rules
Own permissions	Heading	Only visible if an Administrator products exists in network
Edit	Icon	On click allow to edit the Administrator group permissions
Edit	Button	Only visible if "Own permission" heading is hiden
The section below it shows a (not editable, read only) form which looks like Permissions details, but shows all actual values for the fields (read only) of the product/permissions.

Configuration (tab)

Fields	Type	Rules
Set configuration	Single Selection	Displays the tree of the active configuration. Rules: Only visible if the loggedUser has System configuration - Manage permission. The elements of the singleSelectionField are shown with indentation, reflecting the hierarchy of the options: an option which is a sub-configuration of another configuration is shown below that other configuration, and the name is indented. The present selected option of the single selection field is the actual configuration of the subject.
Apply	Action button	rules: only visible if previous item is visible. assigns the configuration to the group. refreshes / updates the page.
Active configuration	Text (read only)	Shows the configuration hierarchy in a text on one single line. First the global level each level separated by a > sign. Example: System default > England > England users.
URL	Text (read only)	The URL of the configuration
The section below it shows a (not editable, read only) form which looks like Configuration details, but shows all actual values for the fields (read only) of the final (combined) configuration.