The publications and views expressed in this (blog) website are my own personal opinions and are by no means associated with my employer.
What is a Security Group?
A Security Group is used to identify a particular group of people (users) that will be granted a specific set of actions for a particular task or Job Role.
Why do we use Security Groups?
Without using Security Groups, it becomes harder for the IT Department or even Managers to manage the appropriate access that a staff member should have. For example, if we explicitly defined that Bob should have full access to the HR folder but he then later leaves or changed departments. With the explicit permissions, it becomes that much more harder to manage as we would need to go through every folder the company has to ensure Bob does not have more access than is needed for his role or remove it entirely should he have left the Company.
With Security Groups, it is much easier to manage as his user account is part of a particular group so when he moves to a different department, we can remove him from the HR Group and add him to say Finance. Should he have left the company, we can remove him from all groups knowing that his access has now been revoked.
However, Security Groups are not just for granting access to a particular folder, they can be used to grant access to anything, as long as the system supports it.
These could be:
General Application Access
Role-based access within an Application
Access to specific computers (Servers)
Access to manage a computer e.g. configuration or installing an Application