Once you have mastered the standard permission groups and have used profiles to set up the Gluu view you want for certain groups of user, you might still find yourself wanting a more detailed access control to processes for certain user groups.

Maybe you want to limit access for individual departments or geographical sites so that they only see processes relevant to them to lower complexity, maybe you want to assign members of your process excellence team process creation and editing rights to a certain category, but not the entire account or maybe you want to limit access for external consultants to see and edit only certain processes in your process hierarchy.

This is where custom permission groups become a handy tool.

If you would like to control permissions to processes within a Category or Group, a custom permission group is the way to go.

A typical scenario is that a subset of your users should only see some of your processes, and you can limit their access and/or their editing rights to specific areas based on permission groups.

You should aim to keep these groups designed so that the users only have to be a member of a single permission group.

First, go to Roles and click Permission Groups

Second, add a new Permission Group:

TIP! 'Not specified' just means everything that is not already mentioned in any of the permission group steps.

You can assign editing rights to certain areas of your account as well using permission groups instead of everywhere like with the global permission groups.

Say you have external consultants working for you for a limited time focused on certain processes or you have a process excellence department where team members have different areas of responsibility, this can be quite helpful. It saves you the trouble of having to assign them as process owners/editors to individual processes to be able to edit them and you do not have to allow them the ability to create new processes in all categories and groups, it can be limited to only a few using permission groups.

However, sometimes the simple structure where users are only members of one permission group is not enough. To meet that need, you can have multiple permission groups that each unlock a certain subset of processes, and if the user is a member of multiple permission groups the combined permissions will be applied.

Below is a simple example, but since this scenario is rather complex and only applies when you have users with access/editing needs that overlap the permission groups mentioned above (users need to be in multiple groups to have their needs met), you might find yourself needed our help to set it up. It that case please feel free to reach out.