Panel Name fwAccessControl/fwAccessControl_EditGroup.pnl
Introduction

Edit Group panel

This panel is used to display and edit the details of the group, and to create new groups.

The panel has three modes of operation, determined by the access rights and the dollar parameter $mode (see below):
Edit mode
presented in Figure 1, allow to edit the details of the group. This mode is active if the user has the Group Administration access rights, the mode of the panel specified by $mode is not "RO", and non-empty name of the group was passed as the $groupName parameter.
Figure 1: Edit Group panel in the "edit" mode
In the edit mode, the Edit..., Review, Reset , Show Users, OK and Closebuttons are available.
View mode
presented in Figure 2, only displays the details of the group and does not allow for changes. This mode is active if the user has no Group Administration access rights, or the read-only mode of the panel was requested by setting the $mode to "RO".
Figure 2: Edit Group panel in the "view" mode
In the view mode, only Show Users and Closebuttons are available.
Create mode
presented in Figure 3, is used to create a new group. This mode is active if the $groupName parameter passed to the panel contained an empty string.
Figure 3: Edit Group panel in the "create" mode
In the create mode, Edit, Reset, Create and Closebuttons are available.

The panel comprises the following elements:

  • Group name text line defines the group name, which identifies the group in a unique way. Note that the Name_Group restriction apply (see the Restrictions below) for group names.
  • Group full name text line defines the full name of the group; it is free of restrictions concerning the characters used within (i.e. it may contain spaces).
    Note that the full name is displayed in the Group List panel, and the filter therein applies to the group name and the group full name. It is recommended (yet not required) to define non-empty and unique group full name.
  • Description text line contains any additional information - it's meaning is not defined; it may be left empty.
  • id text line (not editable) displays the internal unique identifier of the group. It is assigned automatically and may not be modified. This field is empty in the create mode of the panel. This idenifier may be of use for the experts and for debugging purposes.
  • Granted access rights table: displays the list of access rights that are granted to this group; note that access rights are displayed so that the domain name and privilege level are in separate columns. By default system privileges are not displayed - one needs to tick the Show System Privileges option to make them visible (e.g. in Figure 2 the system domain is called "ACServer" and the corresponding privileges are shown).
  • Edit... button: allows to modify (add/remove) the access rights granted to the group. It brings up the Edit Group's Access Rights panel; for details refer to the documentation of that panel.
  • Review button: allows to display the changes in group's access rights. It brings up the Review Changes panel displaying the access rights that have been changed.
  • Reset button: undoes the changes done in the panel, i.e. in the edit mode resets the contents of all editable fields so that they represent the current settings, while in the create mode it clears alld fields and granted access rights. Pressing this button does not apply any settings; it does not close the panel either.
  • Show Users button: allows to display the users belonging to this group. it brings up the Group Members List panel,
  • OK (in edit mode) or Create (in create mode): applies the changes, i.e. modifies or creates the group, and closes the panel.
  • Close button: closes the panel without applying the changes.


Instructions
To create a group:
Open the panel in the create mode (e.g. click the Add in the Group List panel, which may be opened using the Administration>Groups context menu of the Toolbar panel).
Fill-in at least the group name then press the Create button.
To rename a group:
Make sure the panel is open in the edit mode, for the group you wish to rename; type in the modified name into the Group name text field, then press the OK button to apply the changes. You may want to alter other settings of the group at the same time, before pressing OK.
To change the full name or description:
Make sure the panel is open in the edit mode; type in the new full name or description in the appropriate fields, then press the OK button to apply the changes. You may want to alter other settings of the group at the same time, before pressing OK.
To change the access rights granted to the group:
Click on the Edit... button; this will bring up the Edit Group's Access Rights panel, where you will be able to grant and revoke the access rights; follow the documentation for that panel.
To review the changes in the access rights:
Click on the Review button; this will bring up the Review Changes panel with lists of access rights that are going to be revoked and granted to the group.
To display the list of users belonging to the group:
Click on the Show Users button; this will bring up the Group Members List panel.
To reset the changes:
Click on the Reset button; this will fill-in the panel with actual settings for the group (in the edit mode) or clear all the fields (in the create mode).
To delete a group:
You need to use the Delete button in the Group List panel; it is available, for instance, from the Administration>Groups context menu of the Toolbar panel.
To cancel the changes or cancel group creation:
Press the Close button
To apply the changes made to group:
Press the OK button; this will bring up the Confirm Group Change panel, asking you for the confirmation of the changes. You will be able to review all the changes, then decide to ultimately accept or reject them.
Restrictions
  • Access_Group: To edit an existing group, or create a new group one needs the Group Administration (or System Administration) access rights (see also the Setup Panel ).
  • Name_Group: Group name must not contain the space ( ), colon (:), semicolon (;), pipe (|), backslash (\), asterisk (*), apostrophe (') and double-quotes (") characters. The slash (/) parameter is allowed and recommended as logical separator. Group full name and description are, however, free of limitations.
    The group name needs to be unique.
  • When the panel is opened as a result of request for group details issued in another panel (such as Access right holders list ), a dedicated "Group Details" module is opened. This module will be reused to display details of other groups (i.e. no new windows will be opened for every new inspected group)

Dollar Parameters
Name Description  
$groupName Specifies the name of the group to edit. Passing an empty string ("") will open the panel in the create mode. required
$mode If set to "RO", the panel will be opened in the view mode. optional

Return Values from panel
The panel should be opened using functions from the ChildPanel...Returns(... , df,ds) family.
When the panel is closed the following values may be returned in the df and ds parameters:
Variable Value(s) Description
dyn_float parameter (df[])
df[1] 1 Edit action terminated succesfully, OK button pressed
df[1] 0 Edit action cancelled, Close button pressed
dyn_string parameter (ds[])
ds[] not used: empty variable is always returned.

Back to the documentation of the fwAccessControl component.

Piotr Golonka, CERN IT/CO-BE