Documentation Center

Updating users with Permission Management rights

As of SDL Web 8.5, the ability to create, modify and delete Users and Groups is no longer a part of the Permission Management right, but is instead contained in a system privilege called Group Management Privilege. As part of the upgrade, you need to decide which users that had the Permission Management right should also have the Group Management Privilege.

Before you begin

To perform this task, you must have the System Administration Privilege (this is true if you were previously a system administrator user) or Group Management Privilege (this is true if you previously had Permission Management rights).

About this task

The upgrade has made all Users and Groups that have Permission Management rights in any Publication to a new Group called "Group Manager", which has been granted Group Management Privilege. This ensures that by default, the upgrade does not disrupt what those users can do.

But the reason for splitting off the management of Users and Groups in a new Privilege is to be able to deny users that Privilege, while allowing them to retain the power to perform other operations covered by the Permission Management right. Therefore, as part of the upgrade, you should manually take away the Group Management Privilege from users who should not have it, which specifically includes members of the default Group called Publication Managers.

Procedure

  1. Access the Content Manager Explorer Web site.
  2. Select the Administration Ribbon tab.
  3. To deny an entire Group the Group Management Privilege, select Groups > Show Groups from the Ribbon toolbar.
  4. In the content area, double-click the Group you want to modify.
    The Group dialog opens.
  5. Select the Privileges tab.
  6. Do one of the following:
    • If the Group-specific checkbox is selected for the Group Management Privilege, clear it.
    • If the Inherited checkbox is selected for the Group Management Privilege, select the Member of tab and change this Group's membership until it no longer inherits this Privilege.
  7. Click Save and Close to commit your changes.
  8. Alternatively, to deny an individual User the Group Management Privilege, select Users > Show Users from the Ribbon toolbar.
  9. In the content area, double-click the User you want to modify.
    The User dialog opens.
  10. In the Member of tab, examine this User's Group memberships. Imagine which Group or Groups cause this user to have the Group Management Privilege, and take away their membership from those Groups by selecting each Group and clicking Remove.
  11. Click Save and Close to commit your changes.