Object Group Manager
The Object Group Manager lets you group objects and then associate them with individual users or user groups. Open it with the Settings > Permissions > Object Group Manager menu item. Permissions are attached to each association. For example, you can associate the principals Administrators and Trainees with a Dell Vendor object group, and can attach one set of permissions (read, write) to the association between Administrators and the Dell Vendor object group, while attaching another set of permissions (read) to the association between Trainees and the Dell Vendor object group.
Figure 16-21 Object Group Manager
This application also provides “natural groupings,” automatically creating a dynamic object group whenever you add an entity belonging to one of the natural groups the system. The following are some examples of natural groups:
Object Vendor -- All objects that refer to a particular vendor.
Location -- All objects that refer to a given location.
Role -- Within this application, objects can refer to a role. The role can describe the use those objects have within the network -- core router, for example, as opposed to edge router.
You cannot make individual interfaces part of an object group, but you can assign a role to them. Roles make natural groups, and you can use those role-based groups to manage the access to individual interfaces.
The system administrator and add-on products can add other groups to this list, and can add objects to those groups.
To add a new object group, click New below the list of available groups and name the group in the subsequent screen. Accept that name to add it to those listed.
All users inherit OWPublic's permissions. You must remove OWPublic's read permissions from things in Object Group Manager to conceal those items.