Skip to main content

Overview

Access control groups allow you to organize users and apply permissions efficiently at scale. Instead of creating individual rules for each user, you can group users together and manage their permissions collectively. Groups support both static membership (manually selected users) and dynamic membership (automatically determined by filters), providing flexibility for various organizational structures.

Understanding Groups

Group Types in Entegrata

Entegrata provides centralized visibility into two types of access control groups:
System Groups (Native)
type
What are System Groups? Groups created directly by administrators within Entegrata for custom access control management.Characteristics:
  • Created and managed entirely within Entegrata
  • Fully editable and deletable
  • Display with standard formatting (white background)
  • Show “System” in the Source column
  • Support static membership (manually selected users)
  • Support dynamic membership (filter-based automatic inclusion)
  • Can include both users and other groups
Ingested Groups (Read-Only)
type
What are Ingested Groups? Groups imported from connected data sources (Aderant, Intapp Walls) during access control synchronization.Characteristics:
  • Imported from external data sources
  • Read-only (cannot be modified in Entegrata)
  • Display with blue background tint for easy identification
  • Show source system name (e.g., “Aderant”, “Intapp”) in Source column
  • Membership is managed in the source system
  • Automatically updated during synchronization
  • Changes must be made in the originating system
The combination of system and ingested groups provides complete visibility into your access control configuration. You can create custom groups in Entegrata while maintaining synchronization with groups defined in your source systems.

Membership Models

Characteristics:
  • Members manually selected
  • Explicit user and group lists
  • Membership changes require manual updates
  • Best for stable, well-defined teams
Use Cases:
  • Project teams
  • Committees
  • Temporary access groups

Creating a Group

Step 1: Navigate to Groups

  1. Go to Access ControlGroups in the main navigation
  2. The groups list displays all existing groups
Groups list page showing mix of system and ingested groups

Step 2: Initiate Group Creation

Click the New Group button in the toolbar:
New Group button highlighted

Step 3: Configure Group Settings

The Create Group modal opens with multiple tabs:
Create Group modal - initial view

General Information

1

Enter Group Name

Provide a clear, descriptive name:
  • Good: “Legal Department”, “Project Alpha Team”
  • Avoid: “Group1”, “Test”, “Temp”
2

Add Description

Explain the group’s purpose and membership criteria
3

Select Initial Members

Choose the membership configuration method (detailed in next section)

Step 4: Configure Membership

The Members modal provides three methods for defining membership:

Users Tab - Static User Selection

  1. Click the Users tab
  2. Browse or search for users
  3. Check boxes next to users to include
  4. Selected users appear with checkmarks
  5. Use pagination for large user lists
Users tab with search and selection
Use the search box to quickly find users by name or email. The search updates results in real-time.

Groups Tab - Include Other Groups

  1. Click the Groups tab
  2. Search for existing groups to include
  3. Select groups whose members should inherit access
  4. Nested group members automatically included
Groups tab with group selection
Avoid circular references - a group cannot include itself directly or indirectly through other groups.

Membership Filters Tab - Dynamic Membership

  1. Click the Membership Filters tab
  2. Click Add Filter Condition
  3. Configure the filter:
    • Select attribute (Department, Role, Location, etc.)
    • Choose operator (equals, contains, starts with, etc.)
    • Enter comparison value
  4. Add multiple conditions with AND/OR logic
Membership Filters tab with filter builder
Example filters:
  • Department equals "Legal"
  • Role contains "Manager"
  • Location in ["New York", "Boston"]
  • StartDate after "2024-01-01"

Step 5: Save the Group

  1. Review all selected members and filters
  2. Click Save to create the group
  3. Monitor save progress:
    • Compiling → Validating → Syncing
The new group appears in the groups list immediately after creation.

Viewing Group Details

Click on any group row to view details:
Group detail view
The detail view shows:
  • Group metadata (name, description, source)
  • Current member count
  • Creation and modification information
  • Action buttons (available only for system groups)
  • Source indicator (System, Aderant, Intapp, etc.)

Viewing Group Members

Member List

Click on a group to see its members:
  1. Navigate to /access-control/groups/{groupId}
  2. View the complete member list
  3. See member details:
    • Member type (Direct Members/Groups/Dynamic Members)
    • Name
Group members list page

Understanding Membership Sources

Members can be part of a group through:
Direct Members
source
Explicitly selected in the Users tab
Groups
source
Member of an included subgroup
Dynamic Members
source
Automatically included by matching filter criteria

Editing Groups

Modifying Group Settings

Only system groups (created in Entegrata) can be edited. Ingested groups from external sources are read-only and display with a blue background tint. To modify ingested groups, make changes in the source system.
To edit a system group:
  1. Click on the group row in the table
  2. Click Edit in the detail view
  3. The Edit Group modal opens
  4. Modify settings as needed:
    • Update name or description
  5. Click Save to apply changes
Edit Group modal
When editing a group, existing members and filters are preserved. Changes are additive unless explicitly removed.

Managing Members

To modify group membership:
  1. Navigate to the group details page
  2. Click Manage Members button
  3. The Add Members modal opens with current selections
  4. Make changes:
    • Add new users or groups
    • Remove existing members (uncheck)
    • Modify filter conditions
  5. Save changes
Managing existing group members

Actor Group Membership

Viewing an Actor’s Groups

To see which groups an actor belongs to:
  1. Go to Access ControlActors
  2. Click on an actor row
  3. The Actor Groups modal opens
  4. View all groups containing this actor
Actor Groups modal

Adding Actors to Groups

From the Actor Groups modal:
  1. Click Add to Groups
  2. Select groups to add the actor to
  3. Save changes
  4. The actor immediately gains group permissions
Adding actor to groups

Deleting Groups

Deletion Process

To delete a system group:
  1. Find the group in the groups table
  2. Click the Delete action button
  3. Review the confirmation dialog
  4. Confirm deletion
Delete group confirmation dialog
Deleting a group:
  • Immediately removes all permissions granted through the group
  • Cannot be undone
  • Does not delete the users, only the group container
  • May affect access rules referencing the group

Pre-Deletion Checklist

Before deleting a group:
  • Check for rules using the group
  • Verify alternative access exists if needed
  • Document the deletion reason
  • Consider disabling instead of deleting

Group Management Best Practices

Naming Strategies

Establish clear naming conventions:
  • Organizational: “Dept-Legal”, “Dept-Finance”
  • Functional: “Role-Partners”, “Role-Associates”
  • Project-Based: “Project-Alpha-Team”, “Project-Beta-Reviewers”
  • Hierarchical: “Region-NA”, “Region-NA-East”

Organizational Patterns

Mirror Organization Structure: Create groups that reflect your actual organizational hierarchy for intuitive management.
Use Nested Groups: Build complex permissions using group hierarchies rather than duplicating members across groups.
Separate Concerns: Create distinct groups for different access purposes (read vs. write, different data domains).
Regular Audits: Schedule periodic reviews of group membership to remove inactive users and update filters.

Dynamic Filter Best Practices

When using membership filters:
  1. Start Simple: Begin with basic filters and add complexity as needed
  2. Test Thoroughly: Verify filters capture intended members
  3. Document Logic: Explain filter rules in the group description
  4. Monitor Changes: Review membership after attribute updates
  5. Plan for Edge Cases: Consider how filters handle null or missing values

Advanced Group Patterns

Pattern 1: Hierarchical Organization

Create a hierarchy reflecting organizational structure: 
All-Employees (filter: Status = "Active")
├── Legal-Department (filter: Dept = "Legal")
│   ├── Legal-Partners (filter: Role = "Partner" AND Dept = "Legal")
│   └── Legal-Associates (filter: Role = "Associate" AND Dept = "Legal")
└── Finance-Department (filter: Dept = "Finance")
    ├── Finance-Managers (filter: Role contains "Manager" AND Dept = "Finance")
    └── Finance-Analysts (filter: Role = "Analyst" AND Dept = "Finance")

Pattern 2: Project-Based Groups

Combine static and dynamic membership:
  • Base group: Project team (static members)
  • Filter: Include all managers from participating departments
  • Subgroups: Specific role-based access within project

Pattern 3: Compliance Groups

For regulatory compliance:
  • Restricted group: Users with conflicts (static)
  • Cleared group: Users with clearance (static + filtered)
  • Monitor group: Compliance officers (filtered by role)

Pattern 4: Temporal Groups

For time-based access:
  • Summer interns (filter: EndDate > TODAY AND Role = “Intern”)
  • Active consultants (filter: ContractEnd > TODAY)
  • Probation period (filter: StartDate > TODAY-90)

Monitoring Group Effectiveness

Group Metrics

Track group usage and health:
  • Member Count: Current number of members
  • Growth Rate: Membership changes over time
  • Rule Usage: Number of rules referencing the group
  • Last Modified: Recent changes indicator
  • Empty Groups: Groups with no current members

Membership Auditing

Regular auditing tasks:
  1. Review groups with no members
  2. Check for duplicate or redundant groups
  3. Verify filter effectiveness
  4. Validate nested group relationships
  5. Confirm external group synchronization

Troubleshooting Groups

Common Issues

  • Verify user matches filter criteria
  • Check if user was explicitly excluded
  • Allow time for filter evaluation (1-2 minutes)
  • Verify user exists in the system
  • Review filter conditions for over-inclusion
  • Check nested groups for inheritance
  • Verify attribute values in user profiles
  • Look for OR conditions that may be too broad
  • Verify it’s a system group (not external)
  • Check your administrative permissions
  • Ensure group isn’t locked by another process
  • Try refreshing the page
  • Verify attribute names are correct
  • Check for typos in comparison values
  • Test with simpler filter first
  • Consider case sensitivity

Integration with Rules

Groups are most powerful when used with access rules:
  1. Create logical groups based on access needs
  2. Build rules targeting groups instead of individuals
  3. Maintain groups as organization changes
  4. Test permissions at the group level
Example workflow:
  1. Create “Legal-Matters-Team” group
  2. Add legal department members
  3. Create rule granting access to legal matters
  4. Assign rule to the group
  5. New legal team members automatically get access

Next Steps

Create Access Rules

Use your groups in access control rules

Test Group Permissions

Verify group member access works correctly

Explore Actor Access

See how group membership affects individual access

Configure Defaults

Set baseline permissions for your entities