Is there a document that clearly defines the relationship of usergroups, companies and domains? If companies belong to the admin domain how does it affect the rights of usergroups that have access to that company? Gilles
The permissions for each user group are defined ‘per domain’. So if you define the permissions of say the ‘FINANCE’ usergroup against the admin domain then all user with the finance group will have those permissions in all companies. This may or my not be what you want, but it’s generally not a good idea to assign permissions against the admin domain - except for maybe for the system administrator/superuser. Your approach here really depends on how many users you have and how complex their permissions in different companies are. Last time I did this (although it was with less than 20 users), we created one user group for each user, and one domain for each company. Assign the user to the unique group and the company to the unique domain. Then we just selected each user group and domain combination and set the permissions accordingly. If you have a repeating set then use the export/import to save time. This is a more time consuming method but it’s a lot easier to understand what’s going on and it does future proof you somewhat i.e. many users may start with very similar permissions but over time you can tweak each one in each company without worrying about who else is effected. If you’ve got more users and can use a more traditional AR/AP/GEN type grouping then fine but I’d still go with one company = one domain - it will save a lot of hair pulling later.