Before you begin creating groups with the Mobile Devices Administration Center, think about the types of mobile users in your organization. Users in almost any organization naturally fall into groups according to the type of work they do. For example, imagine that you are a hospital database administrator responsible for delivering data synchronization services to 10 hospitals scattered throughout the county. Visiting nurses in a home health care program and ER shift supervisors would naturally fall into two groups, because they have different sets of job responsibilities. However, there are other criteria that you should consider when structuring your user groups. Ask yourself the following questions to determine if a given set of users should belong to the same group:
Will these users all be using the same mid-tier system to synchronize enterprise data?
Each mid-tier system has a different installation of the Sync Server. Thus, all members of a group in the Mobile Devices Administration Center must use the same mid-tier system to synchronize data. For example, in your role as hospital database administrator you might, for performance reasons, have a different Sync Server for each hospital, so that the users might need to be further divided if their physical locations are different.
Do these users access the same type of data and files to perform their jobs?
Do these users have the same access privileges for a given table?
Because SQL access privileges are defined for each replication source in a subscription, and that subscription is assigned to an entire group, if users require different types of access to the same replication source they must be members of different groups.
You might have a group of nurses, for example, that all require access to the same table. However, some nurses might be allowed to only insert data, but others are allowed to update or maybe even delete data. Other nurses might be allowed to only view the data without changing it. For example, you might have a group of nurses in training that you allow only to view the data. When these nurses complete their training, you move them from the Training data synchronization group to another group for which you have defined additional SQL privileges.