Action groups

Group the actions that can be performed on a resource. Define security once for the action group, rather than for each action separately.

When adding an action group decide:

Use action groups to assign permissions based on any convenient grouping. For example:

Once added, the action group the group appears in

Security Settings.

Right-click an item and select

Security

. The new action group appears in the

User Action Groups

category in the list of actions.

Assign

Allow

or

Deny

permissions to the action group, which then automatically assigns the permissions to the individual actions within the group.

Beware of conflicting permissions

To help prevent conflicting permissions, cannot include (nest) action groups within other action groups.

The same action can be included in multiple action groups. This can cause conflicting permissions. For example, when the same action is included in two groups that apply to the same resource, and the first action group explicitly Allows permission, but the second action group explicitly Denys permission, the user is denied permission for the action that the two action groups have in common. Deny permissions always take precedence over Allow permissions.

Deleted action groups are not restored by creating a new action group using the same name

When an action group is deleted, any explicit permissions assigned to that group are no longer in effect.

For example, suppose an action group named "Operators" was used to explicitly grant write access to an area named "Mixing" for a user account "Chris". If the "Operators" action group is deleted, "Chris" can no longer write to the "Mixing" area. Creating another "Operators" action group will not restore "Chris" the ability to write to "Mixing".

If an action group is inadvertently deleted and restoring the FactoryTalk Directory from a backup is not feasible, all security permissions assigned to the resources that were using the action group must be recreated.