4.2 Groups
The Groups Administration page enables you to create, modify, and delete user groups. From this screen, you can control vSTP managed object permissions.
A group is a collection of one or more users who need to access the same set of functions. Permissions are assigned to the group for each application function. All users assigned to the same group have the same permissions for the same functions. In other words, you cannot customize permissions for a user within a group.
You can assign a user to multiple groups. You can add, delete, and modify groups except for the pre-defined user and group that come with the system.
The default group, admin, provides access to all GUI options and actions on the GUI menu. You can also set up a customized group that allows administrative users in this new group to have access to a subset of GUI options/actions. Additionally, you can set up a group for non-administrative users, with restricted access to even more GUI options and actions.
For non-administrative users, a group with restricted access is essential. To prevent non-administrative users from setting up new users and groups, be sure User and Group in the Administration Permissions section are unchecked. Removing the check marks from the Global Action Permissions section does not prevent groups and users from being set up.
Figure 4-1 Global Action and Administration Permissions

From the Insert page, mark the checkboxes to provide permissions and click OK. Return to the page and click Report to display a list of permissions for a group.
These checkboxes are grouped according to the main menu's structure; most folders in the main menu correspond to a block of permissions. The exceptions to this are the permission checkboxes in the Global Action Permissions section.
The Global Action Permissions section allows you to control all insert (Global Data Insert), edit (Global Data Edit), and delete (Global Data Delete) functions on all GUI pages (except User and Group). For example, if the Network Elements checkbox is selected (in the Configurations Permissions section), but the Global Data Insert checkbox is not selected, the users in this group cannot insert a new Network Element.
By default, all groups have permissions to view application data and log files.