ABAC: Using Access Control Groups (ACGs) in Alerts
Updated 5 months ago
/ /
What this article covers
- How ACGs determine who can manage and send alerts in the intranet.
- How to select sub-audiences within a scoped alert audience.
- What different user roles (Manager, Admin, Feature Owner) can see and do.
Role of ACGs in the alerts feature
Access Control Groups (ACGs) enforce granular permissions in the Alerts module by controlling:
- Who can manage alerts.
- What audience(s) those alerts can be sent to.
Example: Amber Rich assigned as alert manager
- Amber is added as a scoped manager to an ACG for the Manager Resources site.
- This ACG has a scoped audience of 823 users (site members).
- Amber now:
- Can view alerts targeted to that site audience.
- Can create new alerts only for Manager Resources site members.
Step-by-step: Creating an alert with ACG restrictions
- Log in as a scoped manager.
- Navigate to Alerts.
- Click Create new alert.
- Choose Target audience.
- The list of audiences shown is limited by your ACG.
- You can:
- Select the full audience (e.g., all site members).
- Create a sub-audience using filters like department, location, etc.
- Compose and configure the alert (title, message, delivery method).
- Send the alert.
The scoped manager only sees alerts sent to their scoped audience—even if they were created by another manager or admin.
Managing alerts and audiences
Scoped managers can:
- View and manage alerts that fall within their audience scope
- Filter alerts by the audience used in the alert
- Create sub-audiences to send targeted alerts within their maximum scope
They cannot:
- Create alerts for any audience outside of their ACG
- View alerts or audience data beyond their permission scope
Example: All org vs scoped users
| Role | Audience options | Alert visibility | Special permissions |
| Scoped mManager (e.g., Amber) | Only “Manager Resources” site members and sub-audiences | Alerts targeting her ACG audience | Can create sub-audiences |
| App manager or All org manager | All audiences, including All org | All alerts across the org | Sees “All org” audience toggle |
System ACGs exist as fallbacks for All org alerts and are only editable by high-level roles like app managers or global admins.
Key takeaways
- ACGs strictly control alert visibility and audience targeting.
- Scoped managers can narrow down audiences, but never broaden beyond their defined scope.
- Global users (App Managers, Feature Owners) have full visibility and access to All org toggles.
- Users can only manage alerts that fall within their defined audience permissions.
Was this article helpful?
Subscribe to receive updates on this article