Adding permissions to a user group

Adding permissions to a user group

After adding or creating a new user group (the instructions on how to do this are outlined in this article), the user group security permissions can be managed to control specific access to classes and methods and can allow or restrict access to a set of functionalities.

Navigate to Configuration > Security:


Select the User Groups option under User Groups:



It will show a list of all available user groups based on the finance company, and simply select one to open the Display User Group screen:





1. Grant Class Access

Access can be granted to individual classes with the full list of classes related to the functionalities that are outlined in this article.

Once in the Display User Group screen, click on the Action Panel  > Grant Access Grant Class Access:




There are several options that can be selected and a drop down list of all available class names.
Can Create - If enabled, this will allow the create permission for the class
Can Delete - If enabled, this will allow the delete permssion for the class 
Can Read - If enabled, this will allow the read permission for the class 
Can Update - If enabled, this will allow the update permission for the class 

The Class Name drop down list will have too many options to search for, so simply type in the name of the class (if known) or the area that the method is referring to e.g. customer will show around 40 options that have customer in the class name.



Once the relevant class(es) has been found, click on the  button to add the class security permission or the  button to return back to the Display User Group screen.

If the user group is not “Administrators”, only classes with the “Administrator Required” flag set to false will be listed.

2. Grant All Class Access

Access will be granted to all classes that do not have the “Administrator Required” flag set to false, if the user group is not “Administrators”. This will prevent users from assigning administrator class rights to any user. 

A flag “Administrator Required” exists against the security permissions. All the administrator only classes and methods will have a settings of “Administrator Required” set to true e.g. all the items listed in the “Clearance Level section for the “System Administrator” clearance level:




3. Grant Method Access

If the user group is not “Administrators”, only methods of classes with the “Administrator Required” flag set to false will be listed:



4. Grant All  Methods access

Access will be granted to all methods that do not have the “Administrator Required” flag set to false, if the user group is not “Administrators”. This will prevent user from assigning administrator class rights to any user:



5. Grant All Methods on Accessible Classes

Access will be granted to all methods on classes they already have access to:




6. Refresh Security Settings

When a user group is assigned new security settings, they need to be refreshed before they are enabled:



NOTE Security clearance levels exist in the system to add an additional level of user access security. Even if a user is assigned to a user group that has access to a function, if the user does not have the clearance level that will allow access they will not be able to perform the function. This is to offer a layer of protection to more sensitive functions within the finance company.


Identify Classes and Methods

To grant permission for a user group to access functionalities in Fusion, classes and methods need to be identified. 

To do that, select the functionality you need to grant permission for the user group.  E.g. Provide access to internal originator groups and to create internal originator group. 

Step 1: Go to internal originator group (located in Fusion under Configuration Organisational Structure Internal Originator Groups).

Step 2: Check the URL and find the TypeName (as the type name is taken as the class name) :



To grant access to the internal originator group functionality, add the Type name (InternalOriginatorGroup) as the class name following the instructions mentioned in 2.1 for the usergroup.

If you need to grant access to all the methods incorporated with internal originator group functionality then select Grant All Methods on Accessible Classes as mentioned in 2.5.

If you need to grant access only for specific functionality, find the method related to that functionality from the URL. 

E.g. To grant access to create an internal originator find the method from the URL.  To complete this, navigate to Configuration Organisational Structure Internal Originator Groups > click on the add or plus + icon and select the MethodName.



ClassName.MethodName will be the Method and you can add the method to the user group in fusion as mentioned in 2.3. The method name for the functionality "create internal originator group" will be as follows:
InternalOriginatorGroup.CreateInternalOriginatorGroup 


Once classes and methods are added to the user group, ensure that the cache is cleared (as mentioned in section 6). 

Follow the same process to grant permission for user groups to access other functionalities as well.




    • Related Articles

    • Assign a user to a user group

      Finance companies are able to assign their users to the security user groups they have created. Users need to be assigned to a user group in order for them to inherit the access rights and use the operations and functions assigned to the user group. ...

    • Adding an originator to an originator group

      Originator groups may have many branches or dealerships or departments etc whic are referred to as originators. Originators will allow Originator groups to be broken down to an additional level.  1. To add an originator to an Internal originator ...

    • Add a user group

      User groups control the access to functions and operations within the Clearmatch system. Access rights are assigned to user groups and each system user in the user group then inherits those access rights.  NOTE: Users with security access and also ...

    • Add a user to an ownership group

      You can add users to Ownership Groups directly from within an ownership group as detailed below. You can also add a user to an ownership from within the user but this article explains how to add from within an ownership group. 1. To add  a user to an ...

    • Create an internal originator group

      Internal Originator Groups are Originator Groups that are owned by a finance company.  Only system Users that belong to the same finance company as the Internal Originator Groups will be able to view and edit internal Originator groups. 1. To create ...