Managing Groups

In order to manage groups, you need to have permission to manage security (typically Advanced or Supervisor folder role) in the folder in which the group is located, and you must be using Advanced Mode.

About Groups

Groups are a collection of users that share similar functions or roles in an area of the system. Groups make it much easier to manage user accounts as common permissions can be defined and maintained in one place and are inherited by all members of the group.

Any given user can be a member of multiple groups and inherits the combined permissions of all of those groups.

Folder Locations for Groups

Like users and other resources, groups belong in a folder. Since groups also provide permissions over folders, it is often good practice to locate the group in the policy root folder for which it provides permissions as this makes the purpose of the group clear. This is why the system creates default user groups in each policy root folder.

However, it is not a rule that groups have to be organized in this way and you can locate a group in any folder if it makes sense for your organizational structure to do so. For example, with a group that provides permissions over many policy root folders, it would not make sense to locate it in any one of these folders, so the group can be relocated to some other folder of choice.

Default Groups

Certain user groups are created automatically in Analytics, either in the Analytics root folder or in each policy root folder that is created. These default groups include the following four  types of group:

 

Group

Folder Location

Purpose

Everyone

Analytics root.

All users belong to this group automatically. This group ensures that all users have the Global Basic role as well as access to the standard reports and dashboards.

Everyone

Each policy root.

All tenant users are added to this tenant specific group. This group ensures that users get access to the standard gadgets.

Basic Users

Each policy root.

You can add members to this group to grant them the Basic role in this policy root folder and its inherited folders.

Advanced Users

Each policy root.

You can add members to this group to grant them the Advanced role in this policy root folder and its inherited folders, and also the Global Advanced role.

Supervisor

Each policy root.

You can add members to this group to grant them the Supervisor role in this policy root folder and its inherited folders.

 

Changing Membership in a Group

A user's membership in a group can be managed. For more details, see Memberships.

Creating Groups

Users can also create, edit, move, delete, edit the users within groups, and edit the groups within groups in Resource Manager (in the Folder Tree panel, select System > Group).

To create a group:

  1. Open the Tools Tools menu.

  2. Select Security > Groups.

  3. Navigate to the folder where the new group should be located.

  4. In the toolbar, click the New option. The Create a new group page opens.

  5. Provide details for the following fields:

    • Name: Enter the name for the new group. This must be unique within the folder. Groups in different folders may have the same name.

    • Description: Enter a description for the group, such as a summary of its permissions or the categories of users it is intended for.

  6. If you want to create more than one group, select the Create Another check box to remain on the Create a new group page after you have created this group.

  7. Click Save to save the group, or click Back to discard it and return to the list.

Fields Available when Creating a Group

 

Field

Description

Entry

Default

Required

Name

A unique name for the group.

Unique. Up to 50 characters, letters, numbers, and underscore characters only. Must begin with letter or number.

Null

Yes

Description

A description of the group.

Up to 255 characters.

Null

No

Editing a Group

To edit group details:

  1. Open the Tools Tools menu.

  2. Select Security > Groups.

  3. Navigate to the folder containing the group to be edited. 

  4. In the list, find the group you want to edit and click its name. The group properties screen opens.

  5. Under the Details tab, make any changes that are required to the group’s Name and Description.

  6. Click Save to save the changes or click Back to discard any changes without saving.

Fields Available when Editing a Group

 

Field

Description

Entry

Default

Required

Details Tab

Name

A unique name for the group.

Unique. Up to 50 characters, letters, numbers, and underscore characters only. Must begin with letter or number.

Null

Yes

Description

A description of the group.

Up to 255 characters.

Null

No

Enabled

Indicates whether this group is currently active on the system.

Check this box to specify that the group is currently active. If this box is not checked then any access that has been granted to users through this group is not available.

Selected

No

Members Tab

Members

Add members to this group or remove members from this group.

To add one or more members to this group, click Add Members, go to the folder that contains the users to add, then select the user or users and click OK.

To remove a user member from this group, click beside the user you want to remove from the group.

Null

No

Groups

Groups

Add this group to another group or remove this group from another group.

To add one or more members to this group, click Add Members, go to the folder that contains the users to add, then select the user or users and click OK.

To remove a user member from this group, click beside the user you want to remove from the group.

Null

No

Enabling or Disabling a Group

A group can be disabled to render its permissions inactive for a time, so that they are not inherited by the members of that group. This may be useful if a set of permissions needs to be withdrawn temporarily.

To enable or disable a group:

  1. Open the Tools Tools menu.

  2. Select Security > Groups.

  3. Navigate to the folder containing the group.

  4. In the list, find the group you want to enable or disable and click its name. The group properties screen opens.

  5. Under the Details tab, uncheck the box marked Enabled to disable the group and make its permissions inactive, or check the box to enable the group and make its permissions active again.

  6. Click Save to save the changes or click Back to discard any changes without saving.
     

Moving a Group

Moving a group does not change its permissions as these are applied to the group directly or are inherited from the other groups that the group is a member of. They are not based on its location within the folder hierarchy.

To move a group:

  1. Open the Tools Tools menu.

  2. Select Security > Groups.

  3. Navigate to the folder containing the groups.

  4. In the list, find the groups you want to move and check the box next to each one.

  5. In the tool bar, click Move.

  6. Select a folder in the tree to move the selected groups to (this must be another folder for which you have Group Management permissions).

  7. Click Save to commit the move, or click Back to cancel the move.

Deleting a Group

To delete a group:

  1. Open the Tools Tools menu.

  2. Select Security > Groups.

  3. Navigate to the folder containing the groups.

  4. In the list, find the groups you want to delete and check the box next to each one.

  5. Click the Delete option and confirm the deletion when prompted.

Related Topics

  1. About Users, Groups, and Roles

  2. About Users

  3. Managing Users

  4. Managing ISE Enabled Users

  5. Managing Permissions

  6. Managing Roles

  7. Managing Global Roles