Assigning roles to groups is more efficient than assigning the same permissions to individual users one at a time. As an Organization Owner user, you create groups and determine the members that make up your groups and what roles they are assigned.
You can also edit groups after they are created or added. As your Organization expands and changes, add or remove members from your groups.
There are two types of groups available in
VMware Cloud services – custom groups and enterprise groups. Custom groups can be shared with other Organizations. Enterprise groups can be nested in custom groups.
- Custom Groups
- You create custom groups by entering a name and a description, adding members, and then assigning roles for the Organization and its resources. For example, you can create a custom group and give it an Organization Member role to your Organization and a support role, and read-only access to specific services in the Organization. Custom groups can also include enterprise groups.
- Shared Groups
- When you create a custom group, you can decide if you want to make it shared or not. As an Organization Owner, you associate the shared group with other Organizations which allows the members of the shared group to be assigned roles in the associated Organizations and get access to services without invitation from the Organization Owners.
- Enterprise Groups
- Enterprise groups are groups synced from your corporate domain. After you federate your corporate domain with VMware Cloud services, your enterprise groups are available for you to use in your Organization. See how to assign roles to enterprise groups.
- Nested Groups
-
Adding a group to another group is called nesting. Here's what you need to know about nested groups:
- You can nest an enterprise group in a custom group.
- Nested groups can hold a combination of roles; roles assigned directly to the enterprise group and the roles assigned through the custom group.
- You can edit the roles of a nested enterprise group or add additional roles, but you cannot remove the roles inherited from the custom group.
- You cannot nest a custom group in another custom group.
As an Organization Owner, you can also edit groups after they are created or added. For custom groups, you can edit the name and description, add or remove members, and change the role assignment of the group. For enterprise groups, you can only change the role assignment of the group.
As an
Organization Owner you create groups, manage the groups, and as your Organization expands and changes add or remove members from your groups.
Note: When you make changes to groups, it may take up to 30 minutes for the changes take effect in the Organization.