Use User Group Maintenance (36.3.4) to create groups that can be used to control access to various aspects of system use and associate them with domains and users.

Two administrative user groups are required in the system:

Although they can streamline security setup and administration activities, groups are not required to control access. Depending on your security requirements, you can also control access based on individual IDs or not at all.

You also can assign user IDs to existing groups by domain in User Maintenance (36.3.1). To use this method, just set up a group name and description in User Group Maintenance, and set Update Groups to Yes in the domain frame of User Maintenance.

Use the first frame to enter a name and description for the group. Then specify the domain with which you want to associate group records. The domain must be defined in Domain Maintenance (36.10.1), and the Active field must be Yes in that program.

See Specifying User Groups.

The system lists all users currently assigned to this domain/group combination. To add a user ID, navigate to the User ID field in the bottom frame and enter a user ID defined in User Maintenance. If the user is not currently assigned to the domain, User Group Maintenance automatically creates that association.

If you enter a deactivated user ID—one that has Active set to No in User Maintenance—the system displays a warning message. Although the user ID is considered part of the group, the user cannot log in to the system until the user ID is reactivated.

See Active.

To delete a user ID from the group, select the ID from the list and choose Delete. Confirm the delete to continue.

To delete a group, you must first delete all the domain-specific group records. Navigate to the Domain field and choose Delete. When you confirm the deletion, the system removes all references to the group from access lists associated with each domain. After deleting these records, the system prompts you to delete the group itself.