Network Administration: Group Permissions

A group account is an account that represents a group of users who use the network in a similar way. You can grant the rights to the group and then assign individual users to the group instead of granting access rights to each of these users individually. When you assign a user to a group, that user inherits the rights specified for the group.

For example, suppose that you create a group named Accounting for the accounting staff and then allow members of the Accounting group access to the network’s accounting files and applications. Then, instead of granting each accounting user access to those files and applications, you simply make each accounting user a member of the Accounting group.

Here are a few additional details about groups:

  • Groups are key to network-management nirvana. As much as possible, you should avoid managing network users individually. Instead, clump them into groups and manage the groups. When all 50 users in the accounting department need access to a new file share, would you rather update 50 user accounts or just one group account?

  • A user can belong to more than one group. Then, the user inherits the rights of each group. For example, suppose that you have groups set up for Accounting, Sales, Marketing, and Finance.

    A user who needs to access both Accounting and Finance information can be made a member of both the Accounting and Finance groups. Likewise, a user who needs access to both Sales and Marketing information can be made a member of both the Sales and Marketing groups.

  • You can grant or revoke specific rights to individual users to override the group settings. For example, you may grant a few extra permissions for the manager of the Accounting department. You may also impose a few extra restrictions on certain users.