Configuring Groups (Roles)
A group (role) is a collection of users categorized by their job titles or responsibilities, regardless of which department they belong to.
Example:
- A group (role) for managers
- A group (role) for the team members developing a new product
Groups (roles) are selectable options of "Group selection" fields. You can set permissions for each group (role), or specify groups (roles) as process management assignees.
Group selection
Managing groups (roles)
You can create and manage groups (roles) in the Groups (or Roles) settings in Users & System Administration.
There are two types of groups (roles): static and dynamic.
- Static groups
Static groups are created by specifying users.
The members of a static group do not change unless a cybozu.cn Administrator adds or removes them.
For details on how to set up static groups, refer to Adding Static Groups.
- Dynamic groups
Dynamic groups are created by specifying conditions, such as job titles or departments. Users who meet the conditions are included as members of the group.
The members of a dynamic group are automatically updated when changes are made to the job titles or departments of users who belong to it.
For example, you can configure a "Manager" dynamic group so that any users whose job title is changed to "Manager" will automatically be added to the group. To do so, add a dynamic group and specify the job title "Manager" as its condition.
For details on how to configure dynamic groups, refer to the following pages.
Adding Dynamic Groups
Specifying Conditions for Dynamic Groups
Example of setting permissions using groups (roles)
This example shows how to give permissions for viewing, editing, and deleting confidential records in kintone exclusively to members of a manager group (role) configured in Users & System Administration.
-
Settings to be configured in Users & System Administration
Set up a manager group (role).
Reference: Configuring Groups (Roles)
-
Settings to be configured on the kintone app
On the app form, place a field used for labeling records confidential.
After that, configure the Permissions for Records settings as follows.- Specify the value of the field as a condition.
- Add the manager group (role) as the target, then enable its View, Edit, and Delete permissions.
For details on how to set permissions, refer to Managing Permissions.
When you configure the settings as explained above, the records visible to users will change depending on whether or not they are a member of the manager group (role).
-
If a user is a member of the manager group (role):
The screen shows records labeled as confidential.
-
If a user is not a member of the manager group (role):
The screen doesn't show any records labeled as confidential.