Define the permissions for each User Group using the Configuration Editors > Security > Group Permissions Editor. Select a Group in the drop-down list. The list of configured users is displayed (and users can be added here as well). The right panel shows the various rights available in the system, and the status for the current group:

• Grayed = access disabled
• Black, underlined = access enabled
• Black, italic = access enabled by inheriting from another granted access.

In this example (Figure 3-37), access has been granted to certain Security permissions (Groups, Users, and User Groups, but not Edit Tasks). Access is granted to all configuration items at the topmost level, and all sub-tasks are permitted by inheritance. For example, to turn off Edit ADVP Rules , first remove the overall Edit Configurations permission and then add the individual permissions that we need. Expand and Collapse the tree using the buttons on the ribbon. To define a group as having site-specific access, uncheck the Apply to All Sites in the lower left panel, and then add sites using the list form below.


Figure 3-37 Group Permissions from Configuration Editors > Security > Group Permissions Editor