When planning your organisation's ideal Security setup it is a good idea to brainstorm among senior staff and write down your proposed structure.
The Group that users belong to determines the features and information they can access. If the rights of the Group changes, the rights of the Users in that Group change too. You can create exceptions for specific Users (e.g. their Group can't see Valuations, but this User can), but this can become messy over time. Instead of setting up exceptions, it is often easier to create a Group for just one User, even if they will be the only person in that group.
Plan the Security Setup
1.Make a list of all of the people who need to access Vernon CMS.
2.Sort these people into broad Groups that need similar access or restrictions.
3.Start from the bottom up (from the Group with the fewest rights). List the fields, records, or actions that they should or should not be able to do. For example, the Volunteer Group should not have access to Valuation and Location fields. They can do reporting, but not use any Bulk Tools.
4.Write down the next Group and list what those Users can or cannot access. Continue doing this with all of your broad Groups or Users. Check to see if any of the Groups have similar access levels and could be combined into one.
5.Review the Users who are members of each Group and decide if any of them should have more rights or should not have some rights. If either situation is the case, consider making them members of a different Group instead, or create a new Group for just that User.
6.Organise your Groups into a hierarchy. Start at the lowest Group and figure out what is the next higher Group. A Group automatically inherits any rights that the Group below it has. So if you allow Public users to view records, the next Group up, Cataloguers, can view records automatically. By creating a hierarchy, you only have to add additional rights to each higher Group, rather than having to assign the full security to every level.
7.Using your Security outline, create the Users and then the Groups.
