Group Policies: Apply User Permissions to Groups of Users
The Group Policies page enables you to set up groups of users who will share common privileges. To create a new group policy, click Create New Policy. Alternatively, to expedite the creation of similar group policies, click Copy to create a new policy with identical members and permissions. You can then edit this new policy to meet your specific requirements.
Assign users to the group, selecting from your local system or from configured security providers. If your security providers are properly configured, you can also add entire groups to simplify the process.
To add users, click the Add button beneath the Policy Members field, select the appropriate provider from the drop down and click on the desired users or groups. To add users/groups from external directory and/or authentication services such as LDAP or RADIUS, configure the necessary providers as described in the "Security Provider Configuration" guides. Once these are configured, they will appear in the provider drop down when adding Policy Members as described above.
For each setting, select whether it should be defined in this policy or left available for configuration for individual users. If it is defined, you will be unable to modify that privilege for an individual user from his or her user account page.
If you have a policy that defines a permission and you do not want any policy to be able to replace that permission, then you must select that the permission cannot be overridden, and the policy must be a higher priority than other policies that additionally define that setting.
A policy is considered to be higher in priority when it is higher in the list of group policies. The system starts at the top of the policy list and works its way down to the bottom, calculating permissions along the way. If a permission can be overridden and a policy further down the list sets the same permission for the same user, then the policy lower down the list will override the policy higher in the list. Alternatively, if a policy is higher in the list and defines a permission which cannot be overridden, then policies further down the list will have no impact on the permission. The topmost policy is the one which defines the permission in this case.
Say, for instance, that your Administrators group is allowed to edit the public template and that this policy is first in priority and prevents override. Even if users in the Representatives group are defined as unable to edit the public template and override is also prevented, users who are in both the Administrators and Representatives groups will have the privileges of the Administrators group because it is a higher priority level.
However, if the Administrators group permissions are set to allow override and the Representatives group permissions are not, then the Representatives group permissions will have precedence, even if they are a lower priority.
For management purposes, the recommended order of priority is to define policies for more specific user groups as a higher priority (preventing override) and to move your way down from there, setting broader groups as lower priority. To set priority, click Change Order on the main page and then drag and drop group policies. Click Save Order for prioritization changes to take effect.
Click Save Policy to put the policy into effect.
Additionally, you can export a group policy from one site and import those permissions into a policy on another site. Edit the policy you wish to export and scroll to the bottom of the page. Click Export Policy and save the file.
Note: When exporting a group policy, only the policy name, account settings, and permissions are exported. Policy members, support team memberships, and Jumpoint memberships are not included in the export.
You may now import those policy settings to any other Bomgar site that supports group policy import. Create a new group policy or edit an exiting policy whose permissions you wish to overwrite, and scroll to the bottom of the page. Browse to the policy file and then click Import Policy. Once the policy file is uploaded, the page will refresh, allowing you to make modifications; click Save Policy to put the group policy into effect.
Note: Importing a policy file to an existing group policy will overwrite any previously defined permissions, with the exception of policy members, support team memberships, and Jumpoint memberships.