Groups allow you to organize users in a way that is meaningful to your enterprise.
If you grant a role to a group, all of the users in that group have that role. See “Managing a group’s roles” for information about granting roles to groups.
A group member may also have individual roles.
Table 3-3 describes the permissions you must have to manage groups.
Action |
Permissions required |
|---|---|
Create a group |
WRITE on the group controlling asset. |
List the groups in a domain |
LIST on the group controlling asset. |
View the properties of a group |
READ on the group controlling asset. |
Update the properties of a group |
UPDATE on the group controlling asset. |
Move a group to a different organization |
If the new organization is in the same domain, you need READ, DELETE, and WRITE on the group controlling asset. If the organization is in a different domain, you need READ and DELETE on the group controlling asset in the current domain, and WRITE on the group controlling asset in the new domain. |
Add users to, or remove users from, a group |
READ and UPDATE on the group controlling asset. |
Delete a group |
READ and DELETE on the subject controlling asset. |
Creating a group
In the Organization Manager tree view, select the organization, and highlight Groups.
Click New. The Create New Group dialog box displays.
Enter a name for the group, and optionally, enter a description. Click OK.
