User Group Manager
Default Role and User
SSH Strict Host Key Checking
Object Group Manager
Application Security Policy
Group Rights Summary
This application enforces security several ways, including permissions, authentication, and security policies. The various Managers and interfaces that set and view security settings appear in the Permissions submenu, shown below. Access it by selecting Settings > Permissions.
Figure 16-1 Permissions Submenu
You can also create resource roles (from File > Open > Inventory > Resource Roles, see Resource Roles for details). For each resource role the application automatically creates an object group and puts any resources in the role in that object group. You can then give users or user groups permissions against that object group.
All users inherit OWPublic's permissions. You must
remove OWPublic's read permissions from things in Object Group Manager
to conceal those items.
Also: Functional permissions originate with users and user groups, and are application-wide. See Permissions and All Permissions. When concatenated with other permissions they are additive (unions, not intersections).
Best practice when trying to restrict user access to particular functions is to create a user group (see User Group Manager), and assign the desired functional permissions to that group, then assign users (see User Manager) to that group.