User groups
User groups can simplify your user permission assignments for dynamic access control, field restrictions, and the Network Portal. To help you easily manage and maintain user groups, Network provides a number of system managed user groups.
You can also create custom user groups for specific purposes; for example, if you have several users that require access to the same data for a project or assignment, create a group for these users. When the project ends, you can remove just the user group instead of all of the individual users.
System managed user groups
Custom user groups must be manually maintained, so managing them for larger Network instances with many users can be time-consuming. The system managed user groups are read-only; Network dynamically adds and removes users based on their user type, status (active or not active), and security policy. You can use the system managed user groups to easily assign permission to the Network Portal and its applications.
| User Group Name | Description | User Types and Criteria |
|---|---|---|
| All Users | All active Network users. |
All of the following active user types: System Admins, Data Managers, Data Stewards, Standard Users, System and Data Admins, Portal Users, Integration Users. |
| All Users Except Integration Users | All active Network users except Integration Users. | All of the following active user types: System Admins, Data Managers, Data Stewards, Standard Users, System and Data Admins, Portal Users. |
| Data Managers | All active Data Manager users. | All active users with the Data Manager user type. |
| Data Stewards | All active Data Steward users. | All active users with the Data Steward user type. |
| Portal Users | All active Portal Users. | All active users with the Portal user type. |
| SSO Users | All active users with single sign-on (SSO). |
All users with SSO security policy. Any user that logs in using single sign-on is automatically added to this group. The security policy in the Security Settings must be Single Sign-on with SAML. |
| Standard Users | All active Standard users. | All active users with the Standard user type. |
| System Admins | All active System Admin users. |
All active users with the System Admin user type. |
| System and Data Admin | All active System and Data Admin users. | All active users with the System and Data Admin user type. |
| OpenData Communication Subscribers | Users subscribed to receive notifications from Veeva OpenData. |
Data managers, System Administrators, and System and Data Admin users. Note: This is a system-managed group, but it is maintained by Admin users for the Veeva OpenData Communications feature. It is not dynamically managed like the other system-managed groups. |
These groups can be used for dynamic access control, field restrictions, and the Network Portal.
Add users to system managed groups
Network automatically adds users to system managed groups based on their user type, status (active only) and security policy. If your user type changes, you are removed from the previous group and added to the group for your new user type. If the status of a user is no longer active, the user is removed from all system managed user groups. These changes are dynamic.
View user group details
To view more information and see a list of users included in the user group, select the group on the Users Group page Users & Permissions > User Groups. All system managed groups are read-only.
Create user groups
You can create user groups for specific business purposes.
To create a group:
-
In the Admin console, click Users & Permissions > User Groups.
- Click New User Group.
- In the Details section, add a Name and Description.
-
The Status is Active by default.
The user group can be changed to Inactive so that any dynamic access control rules or field restrictions using the group no longer provide access to the object or field.
-
In the Users section, click Add Users.
In the dialog box, active Network users display in the list by default. you can sort the list by user type, status, and data visibility profile. You can also use the search box to find specific users. The users that are not already included in the user group display in the list. Only active users display by default.
The count of users displays; for example, 14 results. The count updates if you filter or search for specific users.
-
Add users individually - Select the checkbox beside the user name.
-
Add users in bulk - Select the checkbox beside User. This selects all of the users that currently display.
Tip: To add most, but not all users, click the checkbox beside User to select all of the users and then clear the checkbox beside any user names that should not be added
Example - Adding users
You can search for users assigned to the Data Loading Jobs inbox task group. Click the checkbox beside User to select all of the users that match your search and add them to the group.
-
- When you have finished adding users, click Add Users.
The user group is created and can be applied to a dynamic access control rule, field restriction, or Network Portal permission.
Removing users
Users are removed directly from the user group configuration page.
-
Remove individual users - Select the checkbox beside the user name and click Remove Users.
-
Remove multiple users - Select the checkbox beside Name. All users will be selected. Clear the checkbox beside any users that you want to remain in the group and click Remove Users. The users are immediately removed from the table. The users will be removed from the group when you save the User Groups page.
Audit
All changes made to custom user groups are tracked in the System Audit Log.