Please enable JavaScript to view this site.

Nx Witness User Manual

Groups are a powerful and efficient method to manage User Permissions. Changes made to the Group are applied to all Group members. Groups inherit permissions when they are a member of another Group, which in turn could be a member of another Group.

Administrators and Power Users can create, configure, or delete Custom Groups.

Power Users can create, configure, or delete Custom Groups that do not contain Power Users.

Built-In Groups only allow members to be added or removed.

Groups can only be created, configured, and deleted using the Desktop Client.

Changes to LDAP Groups are stored in Nx Witness and not pushed to the LDAP Server.

oLDAP Group descriptions and Resource Permissions are configurable.

oNon-LDAP Users and Groups cannot be members of an LDAP Group.

oDeleting LDAP Groups within Nx Witness is not permanent, a deleted LDAP Group will be re-imported during the next LDAP sync.

oLDAP Group Name and Membership changes must be made on the LDAP Server.

oAn LDAP Group and non-LDAP Group users can be members of the same System Group.

The Web Admin and Cloud Portal will display which Groups a User is a member of.

The Web Admin and Cloud Portal will not display all members of a Group or Group Permissions.

Changes can be saved on each tab, or on any tab after all changes are completed

To configure Groups:

1.Open the Group Management dialog by selecting Main Menu > User Management dialog and switching to the Groups tab.

Optionally refine the list of groups by using the search box, filters, and column sorting options.

2.Click on a Group to open the configuration dialog.

3.Use the tabs within the Group configuration dialog in make permitted changes.

The General tab configures:

oThe name of any Custom Group.

oThe description of any LDAP or Custom Group.

oAll Permissions Groups where Permissions are inherited from.

The Groups tab provides:

oA view and search function for all Groups this Group can be a member of.

oA selection checkbox next each available Group which toggles Group membership.

oReal-Time display of all Groups the current Group is member of.

oA read-only view of LDAP Groups the current LDAP Group is a member of.

The Resources tab provides:

oA grid-view of Permission types and available System Resources.

oVisual display indicating if Permissions is granted, inherited, or not authorized.

oA preview of cascading Permissions that will be included with specific selections.

oHover-text that details where permissions are directly inherited from.

See "Permissions Management" for details.

The Global Permissions tab defines:

oIf Group members are permitted to view the Viewing the Event log.

oIf Group member are permitted to generate Event Rules.

The Members tab provides:

oA detailed view of all Group members, including Users from nested Groups.

oSelectable checkboxes to add or remove members from the Group.

Groups Memberships Inheritance Example

In the following example:

configure group

L1 User and L2 User are directly assigned to Group L1.

L3 User is a member of Group L1 via membership in Group L2 and Group L3.

L4 User is a member of Group L1 via membership in Group L3 and Group L4; both being members of Group L2.

Group L1 will have the same User Members if Groups L3 and Group L4 are removed as member of Group L1 since L3 User and L4 User are nested in Group L2.

! IMPORTANT: Be careful with nested Groups as improper inheritance can cause unintended Permissions granting and circular dependencies.