1E 8.1 (on-premises)

In releases of Tachyon prior to release 8, management groups were associated with roles. In versions from release 8 onwards, management groups are instead associated with a role/principal pair. The same role or principal may therefore be associated multiple times with a management group, provided that its pair member differs. You cannot assign the same role and principal pair more than once to a management group, but you can assign the same role and a different principal to it, or conversely, a different set of roles but the same principal, multiple times, to the same group.

Management groups now support hierarchical relationships. A management group may stand alone, or it may have a parent or child management group associated with it. In turn, these child groups may have children, and so on.

A management group can have at most a single parent. However, a parent management group can have multiple children.

When a management group is associated with a role/principal pair, the rights granted to the pair are those of the management group plus its children, if any.

Prior to version 8 of Tachyon, management group rules, as defined in the SLA subsystem, and then imported into Tachyon, did not support operator precedence. This meant that you could not define rules where certain logical terms (AND/OR) bound more tightly.

In version 8, rules now support precedence, so you can define in a rule how the various terms will be bound. When creating rules using the PowerShell Integration Toolkit, the rule expression you supply simply uses brackets to specify operator precedence, exactly as you would when specifying a scope or filter expression in Tachyon.

To find out more about management group rules, please refer to SLA management groups and rule expressions.

It is now possible to define roles which can be delegated by users who lack global privileges to the 'all devices' virtual management group. This is discussed in the documentation for the add-tachyonrole cmdlet.