Move a Group - Change a Group's Position in the Group Hierarchy

If you want to change the hierarchy of your groups and subgroups, you can easily move an existing subgroup from one group to another or change its status from parent group to a child group.

Warning: Moving a group can affect your Delegated Administration and Visitor Entitlement roles. For example, if your "managers" group is used in a Delegated Administration role that grants full administrative access to the WebLogic Administration Portal, and you move a group underneath the "managers" group, any users in that new sub-group will have full administrative access to the WebLogic Administration Portal. However, this is a convenient way to grant users Delegated Administration or Visitor Entitlements.

Note: If you are using an external authentication provider to store users and groups (one that is not the default LDAP provider built in to WebLogic Server), and you want to move a group in that provider, the provider may be configured to prevent group moving from an outside tool such as the WebLogic Administration Portal. To see whether or not the external authentication provider you are using supports group moving, see View Security Provider Properties. If the Group Editor field for the authentication provider shows "No," you cannot move a group in that provider with the WebLogic Administration Portal. You must move the group directly in that provider.

To move a group in the group hierarchy:

  1. In the Users & Groups tool, select an authentication provider from the "Browse User-Groups from" field.
  2. In the Users & Groups resource tree, select the group you want to move. (If you do not see a list of groups, see the Notes below.)
  3. Right-click the group and select Move/Cut. (Or click Move/Cut in the toolbar.)
  4. Right-click the group into which you want to move the group, and select Paste. (Or select "everyone (All Users) to move the group to the top level.)

Notes: If a list of groups is not displayed, make sure you have built a group hierarchy tree for the authentication provider. If after that you still do not see a list of groups, the authentication provider probably does not allow read access (see View Security Provider Properties to find out). However, you can activate a text field for group name entry for authentication providers that do not allow read access.

If you are using an RDBMS authentication provider, be aware of case sensitivity when looking up groups. For example, group "Managers" is different than group "managers.

Related Help Topics: