Configure Group Restrictions

Enable Group Restrictions to apply access restrictions on each device category or device group.

For example, when the "Tokyo" and "Osaka" groups exist in the first hierarchy of the "Location" category and you specify Security Context to the "Tokyo" group on the "Restrictions" tab for the roles, roles can perform allowed operations on devices that belong to the "Tokyo" and any subordinate groups.

Operations cannot be performed on devices that belong to the "Osaka" group but do not belong to the "Tokyo" group.

The Group Restrictions setting applies only to a single device category and the subordinate device groups. To use the [Group Restrictions] function, organize device categories to which the devices belong and device groups in advance. For details, refer to Organize the Device List.

Use the group restrictions setting to restrict usage of the following functions in the system:

  • User role
  • Destination
  • Configuration templates

The group restrictions apply to all templates including standard device configuration, device specific preferences, SDK/J platform, Embedded Applications, address book, log collection templates.

The group restrictions setting only applies to the items, devices, and groups displayed in the system. Therefore, a discovery task, polling profile, access profile, e-mail list, configuration template and report template are assigned to the security group that the creating user of those items belongs to. Group restriction only applies to the task itself. Note that it does not apply to the devices selected in the task. Also, group restriction only applies to report templates and not to the devices selected in the report.

  1. Click [System] → [Security] → [User Roles].
  1. Select the role to which to apply the group restrictions, and then click [Group Restrictions].


  1. Select the [Enable restrictions] check box.

  2. Select the device category to which to allow access.

The group restriction setting of each function applies to the group hierarchy selected by the administrator and specified by the subordinate hierarchy.

  1. Click [OK].

  2. Click [Yes].

  3. Select the roles for specifying Security Context from the list, and select [Security Context (Read)] and [Security Context (Write)] on the [Restrictions] tab.

  4. Click (Save).