Security ...

I've inherited an application with no documentation, no Jira, no dev notes, nada.
I can see that the app has four groups defined, but have pretty much no idea of the context behind the groups. If I use dependencies on the group, then I can see the security settings, but I don't see any use of the groups within interfaces, for instance: if the user is a member of a group, then show a section...
Any ideas how to audit this info?
I thought to export the application and search the XML directly for 'memberof' type code, but that doesn't seem to work...

  • 0
    Certified Lead Developer

    Simple thing in my mind would be to create test users as members of each group, each pair of groups, each set of 3, and a test user with all 4.  See what they can do.  See what actions they have, what records they can see, which related actions they can see on those records.

    It might still be extremely obtuse after that, but I think a front-end approach may at least give your investigations a firm starting point.
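
One way to record and interpret what the test users described in the reply above turn up, as an added example that is not part of the original thread. The group names are placeholders, and the capability labels and observations are constructed; in practice the observations come from logging in as each test user.

```python
from itertools import combinations

# Placeholder names: substitute the application's four real groups.
GROUPS = ["GROUP_A", "GROUP_B", "GROUP_C", "GROUP_D"]

def membership_matrix(groups):
    """One test user per non-empty subset of groups (15 for four groups)."""
    return [frozenset(c) for r in range(1, len(groups) + 1)
            for c in combinations(groups, r)]

def minimal_grants(observations):
    """Map each capability to the smallest membership sets that showed it.

    observations: {frozenset(memberships): set(capabilities seen in the UI)}
    """
    result = {}
    for cap in sorted(set().union(*observations.values())):
        holders = [m for m, seen in observations.items() if cap in seen]
        # Minimal = no proper subset of this membership also had the capability.
        minimal = [m for m in holders if not any(o < m for o in holders)]
        result[cap] = sorted(sorted(m) for m in minimal)
    return result

def lost_on_extra_membership(observations):
    """Capabilities that vanish when groups are added: (cap, has_it, lacks_it)."""
    return sorted((cap, sorted(small), sorted(big))
                  for small, seen in observations.items()
                  for big, seen_big in observations.items() if small < big
                  for cap in seen - seen_big)

def _constructed_observation(member):
    """Stand-in for logging in as a test user and noting what is visible."""
    caps = set()
    if "GROUP_A" in member:
        caps.add("record: Case")
    if {"GROUP_B", "GROUP_C"} <= member:
        caps.add("related action: Approve")
    if "GROUP_D" in member and "GROUP_A" not in member:
        caps.add("action: Admin panel")
    return caps

OBSERVED = {m: _constructed_observation(m) for m in membership_matrix(GROUPS)}

if __name__ == "__main__":
    for cap, sets in minimal_grants(OBSERVED).items():
        print(f"{cap}: granted by {sets}")
    for cap, has_it, lacks_it in lost_on_extra_membership(OBSERVED):
        print(f"{cap}: seen with {has_it}, missing with {lacks_it}")
```

The second report matters because a capability that disappears when a group is added points to a rule that excludes members of that group, which the minimal-set view alone would hide.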
