TABLE OF CONTENTS
Purpose
Security Groups provide a structured approach to managing user access within the CGR platform. They define the level of access users must registers and modules within (i.e. Risk) to ensure users receive only their required access.
Key Features & Functions
- Manage User Access Efficiently – Assign permissions at a granular level to users, ensuring appropriate access to registers and locations.
- Centralise Access Control – Maintain a structured and centralised permission management system.
- Provide Granular Control – Define user capabilities such as Read-Only, Edit, CRUD (Create, Read, Update, Delete), and Admin access.
- Streamline New User Onboarding – Assign default access levels to new users automatically. Off-boarding guidance can be found here.
Important Notes
- All users must be assigned to a Security Group to access registers or their modules they are not directly related to (i.e. Owner of a Risk).
- Must be a System Administrator to Create and Update permission sets of a Security group
- To add a user to a Security Group, a user must be:
- System Administrator
- System Administrator
If Team Management is enabled**
- Team Administrator
- Team Manager
**Team Administrators and Team Managers can only assign security groups linked to their team by a System Administrator.
Step-by-Step Guide To Create a Security Group
- Access the Admin Section from your name dropdown in the top right, then 'Security Groups'.
- Click on the blue ‘Add’ button.
- Complete the key fields.
| Field | Description |
| Title | Enter a suitable title (e.g. Compliance – Read Only). |
| Description | Provide a brief explanation for future reference. |
| Available to Teams | Select the teams that can access this security group. |
| Active | Indicate if the group is active and can be assigned to registers. |
| Default | Decide if new users should be added to this group by default. |
| Default Project Permission Sets | These will automatically apply to all new projects created. |
4. Assign permission sets to registers.
- Scroll down to the Register [Projects] section and click on the edit icon.
- Assign the relevant permission set, tick 'update entire subtree' to apply permission sets to all the sub-registers.
- Save.
5. Adding new users/ roles to the security group:
- At the top of the page in the user/ roles section, click 'add' to assign new users to the security group and grant the associated permissions.
Best Practices to avoid Issues
- Use a clear naming convention – Recommended format: Register name + an abbreviation for the permission set (e.g., Register XXX – CRUD).
- Assign users/roles appropriately – Ensure users have security groups that align with their roles and responsibilities.
- Regularly review permissions – Revoke unnecessary permissions for registers, users, and roles to align with access requirements.
- Monitor default assignments
- Ensure default security groups are configured carefully to prevent unintended access for new users.
- Ensure that the default permission sets within the security groups are configured correctly.
Common Issues & Troubleshooting
| Issue | Solution |
| User cannot access a register. | Verify their security group assignment and permission set for the specific register via Security Group. The same can be checked via the user’s Access Control Matrix. |
| User was just added and can see data they shouldn’t. | Check if ‘Default’ checkbox is enabled for any Security Group. Default Security Groups will be auto assigned to all new users. |
User is not assigned to a security group, but he is able to access all registers OR Users get access to all registers despite their security group restrictions. | Check if a Global Permission Set is enabled, as this grants default access to all users. |
| User belongs to a team linked to security groups but cannot access registers. | Ensure that team members are explicitly assigned to the team’s security groups, as these are not automatically applied based on team membership alone. |
| User can see a few registers but there is no linked Role or Security Group on the User page. | A user can be assigned a Role through their teams. Security groups assigned via teams won’t appear on the User profile page but still apply to the user. |
| How to see security groups linked to a user in a user centric setting. |
OR
Note: The Access Control Matrix is a read only view to show what level of access per module/register a user is being granted access to. This view does not currently demonstrate which group is providing the access. |
| Can't find 'Security Groups' but can see 'Roles' instead. | If 'Roles' are visible instead of 'Security Groups' on a User, the system is Role-centric. Check the assigned Role in the Admin section to view linked users or security groups. |
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article