Security Groups
Security groups contain a list of subjects (username & host pairs) and, in addition, may contain other Security Groups. Once a Security group is defined, the group can be added to ACL lists like normal subject(user@host) entries are added and permissioned. This allows for "sets" of users to be defined and granted permissions through a single entry in an ACL list, rather than each user having an entry.
Before adding a Security Group to an ACL, it must first be created. This can be done programmatically or via the Enterprise Manager, as shown below.
Once the group has been created, user@host subjects can be added to the group using the "Add Member" button:
Alternatively, groups can be added as members of other groups by using the "Add Group" button. This will present you with a dropdown list of existing groups to choose from:
Membership of Security Groups can be altered dynamically, and the changes will be reflected in the permissions for all ACL lists where the security group is an entry in the ACL list.
As with all ACLs in Universal Messaging, privileges are cumulative. This means that, for example, if a user is in a group which has publish permissions on a channel, but not subscribe permissions, the user will no be able to subscribe on the channel. Then, if an ACL entry is added on the channel for his specific username/host pair, with subscribe but no publish permissions, the user will then be able to both subscribe(from the non-group ACL permission), and publish (from the group ACL permission).