How to limit a user in CA Performance Management so they can only see and edit a single group.
How can a user be configured to allow management of only one single Group, preventing their access to other Users Groups for both Viewing and Editing?
All supported CA Performance Management releases
1: Configure a new Role that provides the target user the correct level of access. In this situation the key Role Right is the Performance Center right "Administer Groups Owned by You and Others".
2: Configure a User that is set with the new Role.
2A: In the second tab labeled "Access Permissions" set the correct set of Groups that the User is able to View. This controls only the Groups the user can View. It does not affect which Groups the user can Edit.
2B: In the third tab labeled "Administer Groups" set the correct Group the User is able to Edit. This will limit the user to being able to Edit this one single Group and no others.
The end result should be a User that can see the Groups at and below the starting point set in its "Access Permissions" (IE: What is visible to the user), who can also Edit only one single Group set in its "Administer Groups" (IE: What Groups can the User Edit).
Make use of the User Proxy function from the Manage Users page. This makes testing the changes to the Role or User much easier to examine and reset as the proper level of access is developed between the Role and User configurations working together.