Manage user groups

Add
FactoryTalk
 user,
Windows
-linked user, cloud-based authentication group, and LDAP-linked user group accounts to
FactoryTalk
 user group accounts.
Windows
-linked user groups, and the user accounts they contain, can move from one domain to another while keeping security permissions for the group accounts intact.
FactoryTalk Services Platform
 includes these built-in user groups:
Group Name
Description
Administrators
Add user accounts to the Administrators user group to grant those user accounts full control of areas, applications, users, and groups in the
FactoryTalk Directory
. These permissions are defined by default.
Engineers
No users or permissions are defined by default in
FactoryTalk Services Platform
. Other software may use this group to establish permission sets.
Maintenance
No users or permissions are defined by default in
FactoryTalk Services Platform
. Other software may use this group to establish permission sets.
Key points about user groups:
  • User group accounts exist only in the
    FactoryTalk Directory
     in which created.
  • FactoryTalk
     user accounts cannot be members of
    Windows
    -linked user groups.
  • The
    Windows
    -linked user group, individual
    Windows
    -linked user, cloud-based authentication group, LDAP-linked user group accounts can be members of
    FactoryTalk
     user groups. This allows use of
    FactoryTalk
     user groups when setting permissions.
  • A
    FactoryTalk
     user account or
    Windows
    -linked user account can be a member of more than one
    FactoryTalk
     user group and cannot be a member of cloud-based authentication group and LDAP-linked user group.
  • Cloud-based authentication group and LDAP-linked user group can be a member of more than one FactoryTalk user group, but cannot be members of Windows-linked user groups.
    IMPORTANT:
    • Managing user groups requires explicit permissions. To verify permissions, in
      FactoryTalk Administration Console
      Explorer
      , expand
      System
      , then right-click
      Users and Groups
       and select
      Security.
       Confirm the permissions listed in the prerequisites for the task are present with the logged in user account.
    • If an action is set to
      Deny
       for the user in any one group, then the
      Deny
       takes precedence over any
      Allow
       setting in a different group of which the user is a member.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal