Managing Groups

This topic describes the basics of working with groups.

About Groups

Create groups to manage user access to applications and resources.

A group has no permissions until you do one of the following:
  • Write at least one policy that gives that group permission to either the tenancy or a compartment. When writing the policy, you can specify the group by using either the unique name or the group's OCID. For information about writing policies, see Managing Policies.
  • Assign the group to an application.
Note

The All-Domain-Users group is a group that's created by IAM. All identity domain users are assigned to this group by default. If you assign this group to any of your applications, then all users are assigned to these applications indirectly.

For a user, the All-Domain-Users group doesn't appear in the Groups tab because this group is assigned automatically when a new user is created. Also, because this group is created by IAM, and not by an administrator, you can't delete this group.

For information about the number of groups you can have, see IAM Object Limits.

Using the Console

Creating a Group
  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Select the identity domain you want to work in and click Groups.
  3. Click Create group.
  4. In the Name and Description fields of the Create group window, enter the name of and descriptive information about the group.
  5. To allow users to request access to this group, select User can request access.
  6. To add users to the group, select the check box for each user that you want to add to the group.
    Tip

    To search for a user, click the text box, enter all or part of the beginning of the user name, first name, or last name of the user, and then press Enter.
  7. Click Create.
Adding Users to a Group
  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Select the identity domain you want to work in and click Groups.
  3. Click the group you want add users to.
  4. Click Assign user to groups.
  5. To add users to the group, select the check box for each user that you want to add to the group.
    Tip

    To search for a user, click the text box, enter all or part of the beginning of the user name, first name, or last name of the user, and then press Enter.
  6. Click Add.
Removing Users from a Group
  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Select the identity domain you want to work in and click Groups.
  3. Click the group you want to remove users from.
  4. Select the check box for each user that you want to remove from the group.
    Tip

    To search for a user, enter all or part of the beginning of the user name, first name, or last name of the user and then press Enter.
  5. Click Remove user from group. Confirm when prompted.
Assigning Applications to a Group
  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Select the identity domain you want to work in and click Groups.
  3. Do one of the following:
    • To assign an application to all users, search for and click the All Tenant Users group.
    • To assign an application a group that contains a subset of users, click the name of the group, and then click Applications.
  4. Click Assign applications.
  5. In the Assign applications window, select each application that you want to assign to the group by clicking the Actions menu (three dots) for the application, and then click Assign.
  6. When you are done assigning applications, click Close.
Removing Applications from a Group
  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Select the identity domain you want to work in and click Groups.
  3. Click the group that you want to modify.
  4. Click Applications.
  5. Select the check box next to the applications that you want to remove.
  6. Click Revoke access. Confirm when prompted.
Deleting Groups
  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Select the identity domain you want to work in and click Groups.
  3. Select the check box for each group that you want to delete.
  4. From the More actions menu, select Delete.
  5. Confirm when prompted.