Entitlement groups allow easier management of entitlements across a group of users. Previously, entitlement groups used an Exceptions list that could be used to override an application’s access setting at the country level. If the group did not have an exception for the application, then the country-level access setting was used.
Entitlement groups now use an explicit Allowed Applications list that defines which applications entitlement group’s users can access. To learn more about these, please see Entitlement Groups - Managing Access.
The Exception-list style group can no longer be configured, but they will continue to work or they can be converted into an Application List as described below.
What happens with previously configured Entitlement groups?
Previously configured Entitlement groups that have exceptions will continue to operate as before until the Allowed Applications list have been configured. As soon as one application is added to the Allowed Applications list, that list will define the entitlements that the group’s users are allowed to use.
To convert previously configured exceptions into the Allowed Applications list, please see How to Convert existing entitlement group exceptions into Allowed Applications
What happens with previously set User level exceptions?
Previously set User level exceptions will not change: they will continue to take the precedence over group-level access settings.
How to check what exceptions were previously configured in Entitlement groups
The only way to see allowed and blocked exceptions previously set for a certain entitlement group is through the conversion dialog.
To access it:
1) Login to https://subscriptionservices.bentley.com/ with a user that has Account Admin or Co-Administrator role
2) Navigate to Entitlement/License Management (https://connect-entitlementmanagement.bentley.com/#!/Account/SubscriptionInformation) from Enterprise portal Entitlement/License Management tile or left navigation menu
3) In left navigation menu under Users and Groups icon select Allowed Access Group https://connect-entitlementmanagement.bentley.com/entitlement/groups
4) Select The entitlement group (if no groups appear, then they have not been created - Entitlement Groups are created under User Management)
5) Click on a convert button
6) A dialog opens and shows all group level exceptions that were created for this Entitlement Group.
How to Convert existing entitlement group exceptions into Allowed Applications
Administrators can convert previously configured exceptions into the Allowed Applications list using the steps below. This conversion will take the exceptions configured for Allowed and add them to the Allowed Applications list. Any exceptions that were configured for Denied will not be converted as leaving them out of the Allowed Applications list will have the same effect. At the end of the conversion, all previously configured exceptions will be removed.
Note: This convert functionality only allows administrators to take the exceptions list from an Entitlement group that was previously configured in Entitlement Management and move that list into the Allowed Applications list. The Convert functionality does not support conversion of a Restricted Applications list from SELECTserver into this list in the Subscription Entitlement Service. That must be done manually.
To convert allowed group level Exceptions to Allowed Applications in a certain Entitlement group:
- Login to https://subscriptionservices.bentley.com/ with a user that has Account Admin or Co-Administrator role
- Navigate to Entitlement/License Management (https://connect-entitlementmanagement.bentley.com/#!/Account/SubscriptionInformation) from Enterprise portal Entitlement/License Management tile or left navigation menu
- In left navigation menu under Users and Groups icon select Allowed Access Group https://connect-entitlementmanagement.bentley.com/entitlement/groups
- Select the group that you want to convert
- Click on a convert button
- A dialog opens and shows all group level exceptions that were created for this Entitlement Group. You can select to Convert Allowed This converts the group to Allowed Access group. All access blocking exceptions are deleted.
You can delete all previously set exceptions. This will enable entitlement group’s users access to ALL applications until an application is added to Allowed Applications list.