Rock U - Groups - Group Security

Transcribed Video Content

Alright. So let's look at group security. And this is a key construct that you must understand as you're saying if your group tree. And by understanding it, can create a very simple security model for your, group structure that works, really well. And there's lots of different facets to group security, so definitely go through this whole video and just to see all of your options. Okay. So let's just say that we have this group structure. We have this greeter group. It's underneath a group called First Impressions, which is underneath a group called Serving Opportunities. Okay. So this is our group structure. And let's just say that, , pastor Ted here is about to try to view this greeters group. So what is Rock gonna do to determine if Ted will be able to see this group or not? Okay. So the first thing we're gonna do is we're gonna actually check the security on this specific group. Okay. So can Ted Decker see this group or edit this group or administrate this group? Now, typically, you're not gonna have security on every single group. That would just take a lot of people and it'd be very error prone and it'd be hard to maintain. Okay? So in this case, we don't know. I mean, there's basically no security specifically to Ted on this group. So the next thing we're gonna check is we're gonna go out here and make this check over to the serving, group type. So, all of these groups here are of type serving group. And so this may not be super intuitive, but you're it's gonna be really clear why we do this in a second. Okay? You might be thinking if you're me that we just go up the tree and kinda go from there. But before we do that, we first are gonna go check what is Ted's security as it relates to the group type of serving groups. Okay. So in this case, in our example here, we still aren't clear as to what he can or can't do. Okay. So now, we're just gonna continue to go up the tree checking each group in its parent hierarchy until we find something that says, yeah, he can look at this or no, he can't look at this. Okay. So if we reach the top and we still don't know what to do, which is rare. Usually, by this point, we figured it out. But if we still don't know what to do, we're gonna go over and we're gonna look at the group entity type. So, every entity has a default security. So, the group entity type default security is to not let someone see it. And that kind of makes sense. , when in doubt, don't let people see groups. Now, if this for some reason was still unclear, which in reality out of the boxes, it is clear. But if it wasn't clear, then we're gonna go out and we're gonna check the global default for Rock, which basically says, hey, if you don't know what to do, Rock, what are you what are you gonna do as the default? And in a lot of cases that or in the case of the global default is to allow view. But in reality, that would never happen because a group entity type stops the viewing of groups. So, is the the way it's gonna work. As you're laying out your group hierarchy, you probably wanna come back to this and just, , review this this ordering. So let's let's see it somewhat in action to you, especially why we would do this this lookup on number two. So let's just say that we have this, hierarchy. So we have two campuses, our Palmaris campus and our Boswell campus. And they have life groups underneath them. And then there's singles groups and all kinds of different life groups. Okay? But there is a certain group type of group called the addiction group. So in this case, have two addiction groups. There are group type addiction groups. And we wanna create security where the pastoral staff or the staff can see this, but these addiction groups are kind of secure. we really don't want everybody seeing those and basically seeing that the group members of those. Now, we didn't do that check at number two to check the the security of the group type, we basically would have to come in and provide specific security for each one of these groups which would be a big pain, error prone, and eventually someone's gonna see something they shouldn't see and and there's gonna be an issue. Okay. And so that's why we put security on the group type here. Because all I have to do is just say, okay, who can see addiction groups in that one place? Now, every place we have those addiction groups will will respect that security. Okay? So this is very powerful. Allows you to really customize your security in only one or two simple steps instead of having to make it very complex and put security all over the place. Okay. So if we were to look at security, so if I were to bring up one of those security dialogues and just as a refresher, the security dialogue no matter where you bring it up, if it's a page or a group or or anything, it's it always looks pretty much the same. At the top, it tells you what we're securing. We're securing a group And so we have our what we call up here our security verbs. So we can view, edit, or administrate in this case. And then we just kind of read down. So we're looking at view permission right now. So we just kind of read down. So in this case, we're gonna see that Ted Decker is allowed. And so what Rock does is it starts at the top of this list and it just kind of drills all the way down to the bottom until it finds something that either matches, an allow or deny. So if I'm Ted Decker and I come in here, it's gonna say Ted Decker allowed, boom, found a match, so I'm gonna be allow. Now, if I'm not Ted Decker, maybe I'm Alicia Marble. I'm just gonna say Alicia is not Ted. Okay. So keep going. So we go down here and now we're we're not looking at a specific person, we're looking at a role. So we're looking at RSR pastorial workers and they are allowed. And Alicia is not a pastoral worker, so we're gonna we're gonna keep going. But notice before we keep going that it's inheriting or it got that security from the small group group type. Okay. So obviously, we're securing a group of type small group and so they're allowed. Okay. Well, Alicia's still matched, we're gonna keep trucking. So the next one is RSR Rock administration. Now, Alicia is a Rock administrator, so we're gonna stop here and now we're gonna look at to see what we can and can't do. And so it says allow. So Alicia will be allowed to view this. But if we were to keep trucking, if it was maybe this was a non staff person, we would just keep trucking past the staff workers, past the staff workers and we'd eventually hit this last one which is all users. So no matter who you are, you will match all users. And then the permission here is deny. So if I was not on staff, I would get deny and we can see that that came from the entity of group. Okay? So that's how you kind of read this screen. And if we keep looking here though, what do those rights provide? Well, view and edit kinda makes sense. Right? It's really administrate that is a little bit unique. And so if you have administrate access, it allows you to do some advanced configuration configuring whether the group is is syncing with something else, setting up group group requirements, configuring group member attributes. Because remember each group can have unique group member attributes but that's kind of advanced settings so you have to have administrate to do that. And to change the security of a group, you'd have to have administrate also. Okay? So that's what those rights provide. Now what about a leader's access to their group? So if we think about it, kind of what we've already seen and what we've already learned, we would have to basically go and and add specific security to each group for the leader to be able to view their just their group. Right? And so, I would take a factory floor of all these data administrators to keep that accurate, working, and 100% good to go. But that just wouldn't work. So, there is another way of setting security. So as you're defining the roles on your group type, so this is under admin tools general settings group types. As you're defining these roles, each of the roles can have view and edit security. Okay? So we saw that dialogue. That dialogue still applies but so does this. Okay? It's also gonna check to see, what your role is and if you're a leader or a member, you can view and if you're a leader, can edit. So that's another, very clever way, very simple way of providing security that keeps you from having to do a lot of configuration. So those are all the different ways that you can, secure your groups.