Changes are coming to Hudu security groups which may have an impact on your environment. Please read through our FAQs here for additional information.
The Hudu admin area is accessible ONLY to admins and super admin users within your organization.
- Help organize users into units that will share the same permissions within your environment.
- Apply access restrictions to the entire group(s), as opposed to configuring each user's access level individually.
- Easily remove an entries group's access to anything stored within Hudu.
Only user roles of a spectator, author, and editor can be added to security groups; for additional information, visit our User Management article. All users with these user roles are required to be in at least one security group.
Guides
Creating Security Groups
- Navigate to your admin area using your Hudu Toolbar and click on the Groups section.
- From this window, you will see a list of all security groups, including the name of the groups, number of members, whether the group is on the allow or deny list, as well as if the group was made a default group. The default group will be signified by a "Default" badge.
- Some common restriction options you will see immediately upon group creation include:
-
-
Use Allow list (start with access to no companies)
- The group starts with no access to client spaces.
-
Remove access to Global KB
- Disallows access to Global KB articles and the Global KB header navigation element.
-
Remove access to Personal Vaults (My Vault)
- Removes the ability for users to store personal passwords in the My Vault section.
-
Remove access to Share
- Removes the ability for users to share articles, processes, and passwords.
-
Remove access to Company Passwords
- Removes the ability to access and store passwords in Clients.
-
Remove access to Agreements
- Removes the ability for users to view agreements.
-
Use Allow list (start with access to no companies)
Setting Up Restrictions
- Navigate to the Hudu admin area >> Groups >> and into an existing security group.
-
Members
- Provides an overview of current members of the group.
- Choose to add or update users in the security group.
-
Companies:
- Select how you'd like client access to default for the group:
- Allow list: Group will only have access to the clients that you allow; all other client spaces will be hidden.
- Deny list: Group will have access to all client spaces; except for the ones that you deny.
- Select how you'd like client access to default for the group:
-
Login Schedule
- Select "Off" to not set a login schedule.
- Select "On" to set login restrictions.
- Choose to set restrictions on when a group can access your Hudu environment. Set days of the week or times of the day that they're allowed in.
-
Restrictions
- Choose to restrict a group's abilities or restrict them from custom asset layouts.
- Groups can be restricted from certain abilities (access to personal password vault, global KB, client passwords' section, etc.);
- Groups can also be restricted from viewing selected custom asset layouts;
- This removes the groups' ability to view the entire asset layout, across all client spaces that the group is allowed to access.
- Choose to restrict a group's abilities or restrict them from custom asset layouts.
-
Restricting Individual Items
- Nearly everything stored within Hudu comes equipped with More Options; allowing the ability to restrict individual items from security groups.
- Navigate to an individual item within Hudu (password, KB article, asset, etc.) and select More Options in the top right-hand corner.
- Select Change Permissions.
- Choose which security group you’d like to prevent from accessing the selected item.
- Nearly everything stored within Hudu comes equipped with More Options; allowing the ability to restrict individual items from security groups.
-
Members
FAQ
Answer: If a user is in multiple groups with conflicting allow/deny permissions, Hudu defaults to the deny permission.
For example, a user belongs to:
- Group A (Deny List): Denies access to companies X and Y
- Group B (Allow List): Allows access to companies Y and Z
- Group C (Deny List): Denies access to company W
Result:
- User cannot access companies W, X, and Y (denied by Groups A and C)
- User can access company Z (allowed by Group B)
- User cannot access any other companies (due to Allow List default for mixed group types)
Answer: Multiple groups are most useful when you want to create combinations of different permissions for users within the same instance.
Example 1:
An MSP has 10 employees and the following needs:
- 2 of them should not be able to view company passwords.
- All 10 should not view Test Co
- 1 should not view AtlasCo
- Otherwise, they should be able to view everything.
One way to handle this would be to:
Create a group named NoTestCo Group in deny mode, so all users in it can access all companies unless otherwise specified. Deny that group access to TestCo and add all 10 users to it.
Create a group in deny mode named NoAtlasCo Group so all users in it can access all companies unless otherwise specified. Deny that group access to AtlasCo and add the 1 user to it.
Create a group named NoPasswordView Group in deny mode, so all users in it can access all companies unless otherwise specified. Do not specify any companies. On the Restrictions tab, remove access to company passwords. Add the 2 users to it.
Multiple groups are also helpful when it comes to password folders.
Example 2:
User A is a part of a Technicians group and a Super Technicians group.
User B is a part of a Technicians group.
There is a password folder named High Security Passwords.
There is a password folder named All Techs Passwords.
Super Technicians group is given access to view the High Security Passwords folder.
Technicians group and Super Technicians group are given access to view the All Techs Passwords folder. Results:
User A (members of Technicians group and Super Technicians group) is ALLOWED to see High Security Passwords.
User B (member of Technicians group) is NOT allowed to see High Security Passwords.
User A is ALLOWED to see All Techs Passwords.
User B is ALLOWED to see All Techs Passwords.
Answer: Allow list means the group will only have access to the companies you specifically list. It is the most restrictive method for controlling company access. You may want to use this list for your default group, or if you typically want to restrict users in your instance from accessing companies as much as possible. If you create a new company in Hudu, a group using allow list would automatically not have access to that company unless you add that company to the group’s allowed companies list in the group’s settings.
Answer: Deny list means the group will have access to any companies unless you have specifically denied the company. This is a less restrictive option than allow list. If you create a new company in Hudu, a group using deny list would automatically have access to that company unless you manually add that company to the group’s denied companies list in the group’s settings.