Group Access Manager - Security Groups

What is a Security Group? 

Security Groups are used to control access to departmental resources. If you are a member of the security group for a shared folder or mailbox, that means you are authorized to access that folder or mailbox. Likewise, if you are not a member of the security group, you cannot access it.

Security group prefixes and what they mean:

AAD - : The 'AAD - ' prefix is attached to any group that controls Azure Active Directory Permissions.

AD - : The 'AD - ' prefix is attached to any group that controls Active Directory Permissions.

APP - The 'APP - ' prefix is used attached to any group that grants some form of access to a specified application.

File - : the 'File -' prefix is attached to any group that controls access to a shared folder. 

Mail - : The 'Mail - ' prefix is attached to any mail related group. This includes departmental mailboxes, and resource calendars. If you are a member of a mailbox's corresponding group, you can access that mailbox.

VPN - : The ' VPN - ' prefix is attached to any group related to special access when connecting to the campus network via VPN.

Printer - : The ' Printer - ' prefix is attached to any group related to special access when connecting to printers.

WKS - : The 'WKS - ' prefix is attached to a group related to workstation management.

Resource Calendar Suffixes:

Resource Calendars have descriptive codes at the end of their name to help you see what level of permissions each group grants:

RCAG - This is the administrative group for a resource calendar. Members of the administrative group have full access over all appointments.

RCUG - This is the user group for the resource calendar. Members of the user group have access over appointments they booked only.

RCROG - This is the read-only group for the resource calendar. Members of the read-only group cannot book appointments, or change appointments.

Mail Group Suffix

SMUG - This is the user group for a departmental mailbox. Members of the user group have access to all aspects of the corresponding mailbox.

Some groups cannot be modified with the Group Access Manager. In order to make changes to these groups, please submit an ITS Service Desk request.

AAD:: Azure Active Directory

AD::Active Directory Permissions

APP::Application Access

Dept::Server Access

DIST::Distribution Group 

DYNMC::Dynamic Distribution Groups

File::Departmental Shared Folder

Footprints::Numera Footprints

Ghost::Ghost

GPO::Group Policy (GPO)

IIS::Internet Information Services (IIS)

Mail::Departmental UAlbany Mail account

Mail:DG:Distribution Group on prem

Mail:RCAG:Room Calendar-administrator access

Mail:RCDG:Room Mailbox-delegate access

Mail:RCROG:Room Calendar-reviewer access

Mail:RCUG:Room Calendar-user access

Mail:SMUG:Departmental UAlbany Mail account

MSSQL::MSSQL

npAD::Active Directory Permissions

npAPP::Application Access

npDept::Departmental

NPFile::Departmental Shared Folder

NPFile2::Not accessible by GAM

npFootprints::Numera Footprints

npMail::Departmental UAlbany Mail account

npMail:DG:Distribution Group on prem

npMail:RCAG:Room Calendar-administrator access

npMail:RCDG:Room Mailbox-delegate access

npMail:RCROG:Room Calendar-reviewer access

npMail:RCUG:Room Calendar-user access

npMail:SMUG:Departmental UAlbany Mail account

npPrinter::Network Printer

npPWA::Project Web App (PWA)

npVPN::Virtual Private Network access (VPN)

O365G::Office 365 Group

Printer::Network Printer

PWA::Project Web App (PWA)

SPM::Secure Password Manager

SPO::SharePoint Online

VMWare::Virtualization Software (VMWARE) access

VPN::Virtual Private Network access (VPN)

WKS::Provides elevated access to workstations (WKS)

WSUS::Windows Server Update services (WSUS)





 



Â