Managing User Groups

A user group is a user-definable object that is used to categorize users and define permissions. By carefully planning out the names for user groups and which permissions to grant each group, you can easily manage individual user permissions by making them part of one or more groups.

User Group Characteristics

• User groups can include one or more individual users.

• User groups can also include one or more user groups.

  A user group can be a super set of all the user groups included in its member list.

• Nested user groups inherit the permissions of the containing user groups.

  Since permissions can only be added, the top-level user group should be the least permissive. Nested user groups represent more permissive user groups.

• System-wide permissions are set in a user group's Details page.

  See How to Edit User Groups.

• Folder-specific permissions are set in the folder's Details page.

  See How to Modify the Folder Permissions of a User Group.

For more information about the different types of user group permissions, see Chapter 3, Controlling Access Using Permissions.

Default User Groups

The provisioning system provides three default user groups after installation: admin, registered, and universal. Default user groups cannot be deleted and cannot have their names changed.

admin User Group

The provisioning system provides the admin user group after installation to allow initial system configuration. This user group is designed for administrators of the provisioning system.

Members of the admin user group have all permissions on all objects in the provisioning system and can modify an object whether or not they own it.

Members of the admin user group perform many functions.

• setting up hosts

• adding new user accounts and user groups

• setting permissions of user groups

• creating folders for user groups

• importing plug-ins

The admin user group comes with one default user, the admin user. However, if you have more than one administrator of the provisioning system, you can add other users to the admin user group.

---

Caution –

Since the admin user group has complete control over all aspects of the provisioning system, be careful when assigning users to this group.

---

For more information about the admin user, see Default User Account.

For more information about creating new users, see How to Create User Accounts.

registered User Group

The registered user group consists of all users that have been created in the provisioning system.

registered User Group Characteristics

• Every user is a member of the registered user group, and members cannot be removed.

• Read permissions for all objects are granted to the user group.

  Read permissions cannot be revoked.

• New permissions can be assigned to the user group.

  The affect of granting a permission to the registered group is to allow all users in the system to perform the associated action.

• Although all users are assigned to the registered user group, this user group will not display in a user's user group list.

universal User Group

The universal user group includes all users. By default, no permissions are granted to this group. However, new permissions can be granted, which has the affect of allowing anyone to perform the associated operation. The registered group may not be removed as a child of this group.

How to Create User Groups

This procedure describes how to create user groups by using the browser interface. You can also create user groups by using the following command.

• udb.g.add – Creates a new user group.

For a detailed description of this command, see udb.g: Managing User Groups in N1 Grid Service Provisioning System 5.0 Command-Line Interface Reference Manual.

Before You Begin

Before you create user groups, you should determine how you want to organize your users. For information about how to set up user groups, see Planning User Groups and User Accounts.

To create a user group, you must belong to a user group that has write permissions on users and groups.

Steps

1. Go to the User Groups page.

   See How to View User Groups.

2. In the top row of the table that lists user groups, type a name and a description for the new user group and click Create.

   The Details page for the new user group is displayed.

3. Add a user or user group to the group.

   Newly created user groups do not contain any members.

   • To add a user, select the user account from the User menu in the Members of Group area and click Add.

     Users added to the user group inherit the permissions given to this user group and all user groups that contain this user group.

   • To add a user group, select the user group from the User Group menu in the Members of Group area and click Add.

   The Details page updates to show the added user or members of the added user group in the Current Group Members field.

   ---

   Note –

   The Current Group Members field lists a user only once, even if that user belongs to two or more groups that you have added to the group.

   ---

4. In the Permissions of Group Users area of the page, set system-wide permissions for the new user group.

   Permissions set in this user group are inherited by members of the user group. These members include individual users as well as other, nested user groups.

   ---

   Note –

   If you give the user group comparison permissions, select the host set on which the users in the group can run comparisons.

   ---

   For more information, see System-Wide Permissions.

5. When you have finished configuring the group, click Save.

   The User Groups page lists the new user group.

How to View User Groups

You can view the users and the permissions of a particular user group.

This procedure describes how to view user groups by using the browser interface. You can also view user groups by using the following commands.

• udb.g.la – Displays all user groups.

• udb.g.lo – Displays detailed information about a particular user group.

• udb.g.lp – Displays system-wide permissions granted to a user group.

• udb.g.lu – Displays members of a user group.

For a detailed description of these commands, see udb.g: Managing User Groups in N1 Grid Service Provisioning System 5.0 Command-Line Interface Reference Manual.

Steps

1. From the navigation menu, choose User Setup.

   The User Setup page is displayed.

2. In the User Setup page, click User Groups.

   This displays the User Groups page, which lists the user groups already defined.

3. (Optional) To view a list of users within a group or the permissions held by a user group, find the row that lists the group that you want to view and click Details.

Editing User Groups

Editing user groups allows you perform the following tasks after you have created a user group.

• Add a user to the user group

• Add another user group to the user group

• Remove a user or user group from the user group

• Change system-wide permissions of the user group

How to Edit User Groups

This procedure describes how to edit user groups by using the browser interface. You can also edit user groups by using the following command.

• udb.g.mod – Edits a user group.

For a detailed description of this command, see udb.g: Managing User Groups in N1 Grid Service Provisioning System 5.0 Command-Line Interface Reference Manual.

Before You Begin

To edit a user group, you must belong to a user group that has write permissions on users and groups.

Steps

1. Go to the Details page of the user group that you plan to edit.

   See How to View User Groups.

2. (Optional) Add a user or user group to the group.

   Newly created user groups do not contain any members.

   • To add a user, select the user account from the User menu in the Members of Group area and click Add.

     Users added to the user group inherit the permissions given to this user group and all user groups that contain this user group.

   • To add a user group, select the user group from the User Group menu in the Members of Group area and click Add.

   The Details page updates to show the added user or members of the added user group in the Current Group Members field.

   ---

   Note –

   The Current Group Members field lists a user only once, even if that user belongs to two or more groups that you have added to the group.

   ---

3. (Optional) In the Permissions of Group Users area of the page, set system-wide permissions for the user group.

   Permissions set in this user group are inherited by members of the user group. These members include individual users as well as other, nested user groups.

   ---

   Note –

   If you give the user group comparison permissions, select the host set on which the users in the group can run comparisons.

   ---

   For more information, see System-Wide Permissions.

4. (Optional) In the Permissions of Group Users area of the page, select the host set on which users can run comparisons.

5. When you complete your modifications, click Save.

Deleting User Groups

When a user group is deleted, the user group is removed from all user groups to which it belonged. Users and user groups that belonged to the deleted group continue to exist, but they no longer belong to the user group, and therefore, no longer have the permissions granted by the deleted user group.

If a folder granted the user group certain permissions, those permissions are also deleted when the user group is deleted.

How to Delete User Groups

The browser interface provides two options for deleting user groups. You can delete multiple user groups at once from the User Groups page or one at a time from the user group's Details page. This procedure provides instructions on how to delete several user groups at a time.

You can also delete user groups by using the following command.

• udb.g.del – Deletes a user group.

For a detailed description of this command, see udb.g: Managing User Groups in N1 Grid Service Provisioning System 5.0 Command-Line Interface Reference Manual.

Before You Begin

To delete a user group, the following requirements must be met.

• You must belong to a user group that has write permissions on users and groups.

• The user group must not be the default admin, registered, or universal user groups.

• The user group must not own any folders.

  If the user group owns a folder, change the folder's owner user group. Then delete the user group.

Steps

1. Go to the User Groups page.

   See How to View User Groups.

2. Select the user groups that you plan to delete.

3. At the bottom of the User Groups table, click Delete.

   A verification page lists the user groups that you selected.

4. Click Continue to Delete.

   After the user groups have been deleted, the User Groups page updates and the user groups that you deleted no longer appear.