Permissions Required for Managing a Site-Level Group

If you need to create policy rule in the Site

context and want to grant permissions to members of a group, the group also must be defined in the Site

context. To allow organization administrators to manage the group, assign it to a domain where organization administrators have permissions to view and edit the group. This would be useful if an organization administrator needed to modify a product team that was created using a team template. Since teams created from a team template require Modify permission at the site level, a group should be created at the site-level to manage these updates.

1. Create a group from Site

> Utilities > Participant Administration.

2. Assign the group to a domain within the organization context where the organization administrator is granted Read and Modify permissions for the group. For example, the Organization Name domain where Organization Name is the name of the organization for which the user designated to manage the group is an organization administrator. The default rules for this domain grant organization administrators Full Control (All) permission for WTObject.

3. Create the following access control policy rule from Site

> Utilities > Policy Administration in the System (Site) domain:

Object Type	State	Permission Granted	Participant
Team	N/A	Modify	Group (created in step 1)