Assigning roles to groups is more efficient than assigning the same permissions to individual users one at a time. As an organization owner, you create groups and determine the members that make up your groups and what roles they are assigned.
You can also edit groups after they are created or added. As your organization expands and changes add or remove members from your groups.
- Custom Groups
- You create custom groups by entering a name and a description, adding members, and then assigning roles for the organization and its resources. For example, you can create a custom group and give it an organization member role to your organization and a support role, and read-only access to specific services in the organization. Custom groups can also include enterprise groups.
- For custom groups, you can edit the name and description, add or remove members, and change the role assignment of the group.
- Shared Groups
- When you create a custom group, you can decide if you want to make it shared or not. As an organization owner, you associate the shared group with other organizations which allows the members of the shared group to be assigned roles in the associated organizations and get access to services without invitation from the organization owners.
- Service roles assigned to shared groups are organization-specific. The organization owners from the associated organizations import the shared group and assign roles to the group within their own organizations. To import a shared group, the organization owners must know the group's name or ID.
- Only the organization owner of the source organization – the organization in which the shared group was created – can modify the members of the group or remove it. Removing a shared group from an associated organization does not delete it and it can be added back later. See how to manage shared groups.
- Enterprise Groups
- Enterprise groups are groups synced from your corporate domain. After you federate your corporate domain with VMware Cloud services, your enterprise groups are available for you to use in your organization. See how to assign roles to enterprise groups.
- For enterprise groups, you can only change the role assignment of the group. You cannot add or remove members from enterprise groups in VMware Cloud services, but you can assign them roles for the organization and its resources, and add them to custom groups.
- Nested Groups
Adding a group to another group is called nesting. Here's what you need to know about nested groups:
- You can nest an enterprise group in a custom group.
- Nested groups can hold a combination of roles; roles assigned directly to the enterprise group and the roles assigned through the custom group.
- You can edit the roles of a nested enterprise group or add additional roles, but you cannot remove the roles inherited from the custom group.
- You cannot nest a custom group in another custom group.
As an organization owner, you can also edit groups after they are created or added. For custom groups, you can edit the name and description, add or remove members, and change the role assignment of the group. For enterprise groups, you can only change the role assignment of the group.
As an organization owner you create groups, manage the groups, and as your organization expands and changes add or remove members from your groups.