How do I work with groups

Assigning roles to groups is more efficient than assigning the same permissions to individual users one at a time. As an Organization Owner user, you create groups and determine the members that make up your groups and what roles they are assigned.

You can also edit groups after they are created or added. As your Organization expands and changes, add or remove members from your groups.

There are two types of groups available in Tanzu Platform cloud services – custom groups and enterprise groups. Custom groups can be shared with other Organizations. Enterprise groups can be nested in custom groups.

  • Custom Groups

    You create custom groups by entering a name and a description, adding members, and then assigning roles for the Organization and its resources. For example, you can create a custom group and give it an Organization Member role in your Organization, a support role, and read-only access to specific services in the Organization. Custom groups can also include enterprise groups.

    For custom groups, you can edit the name and description, add or remove members, and change the role assignment of the group.

  • Shared Groups

    When you create a custom group, you can decide whether to make it shared. As an Organization Owner, you associate the shared group with other Organizations, which allows the members of the shared group to be assigned roles in the associated Organizations and get access to services without invitation from the Organization Owners.

    Service roles assigned to shared groups are Organization-specific. The Organization Owners from the associated Organizations import the shared group and assign roles to the group within their own Organizations. To import a shared group, the Organization Owners must know the group name or ID.

    Only the Organization Owner of the source Organization – the Organization in which the shared group was created – can modify the members of the group or remove it. Removing a shared group from an associated Organization does not delete it and it can be added back later. See how to manage shared groups.

  • Enterprise Groups

    Enterprise groups are groups synced from your corporate domain. After you federate your corporate domain with Tanzu Platform cloud services, your enterprise groups are available for you to use in your Organization. See how to assign roles to enterprise groups.

    For enterprise groups, you can only change the role assignment of the group. You cannot add or remove members from enterprise groups in Tanzu Platform cloud services, but you can assign them roles for the Organization and its resources, and add them to custom groups.

  • Nested Groups

    Adding a group to another group is called nesting. Here’s what you need to know about nested groups:

    • You can nest an enterprise group in a custom group.
    • Nested groups can hold a combination of roles: the roles assigned directly to the enterprise group and the roles assigned through the custom group.
    • You can edit the roles of a nested enterprise group or add additional roles, but you cannot remove the roles inherited from the custom group.
    • You cannot nest a custom group in another custom group.
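
The nesting rules above, modeled as a small access-review helper. This is an added example, not Tanzu Platform code or its API: the `Group` class, the function names, and the sample group and role names are hypothetical, and it assumes that a role held both directly and through a custom group stays effective when the direct assignment is removed.

```python
from dataclasses import dataclass, field

@dataclass
class Group:                       # hypothetical model, not a product API
    name: str
    kind: str                      # "custom" or "enterprise"
    roles: set = field(default_factory=set)      # roles assigned directly
    parents: list = field(default_factory=list)  # custom groups it is nested in

def nest(child: Group, parent: Group) -> None:
    """Nest child in parent; only enterprise-in-custom is allowed."""
    if parent.kind != "custom":
        raise ValueError("only a custom group can contain another group")
    if child.kind != "enterprise":
        raise ValueError("a custom group cannot be nested in a custom group")
    if all(p.name != parent.name for p in child.parents):
        child.parents.append(parent)

def effective_roles(group: Group) -> dict:
    """Map each effective role to its sources: 'direct' or a parent's name."""
    sources = {}
    for role in sorted(group.roles):
        sources.setdefault(role, []).append("direct")
    for parent in group.parents:
        for role in sorted(parent.roles):
            sources.setdefault(role, []).append(parent.name)
    return sources

def remove_role(group: Group, role: str) -> set:
    """Remove a direct assignment and return the roles still effective.
    A role held only through a custom group cannot be removed here."""
    if role not in group.roles:
        if role in effective_roles(group):
            raise PermissionError(f"{role!r} is inherited; edit the custom group")
        raise KeyError(role)
    group.roles.discard(role)
    return set(effective_roles(group))

if __name__ == "__main__":
    # Constructed sample data for an access review.
    ops = Group("ops-team", "custom", {"Organization Member", "Support"})
    sre = Group("corp-sre", "enterprise", {"Service Read-Only", "Support"})
    nest(sre, ops)
    for role, src in effective_roles(sre).items():
        print(f"{role}: {', '.join(src)}")
    print(remove_role(sre, "Support"))  # still effective through ops-team
```

Listing the source of each role shows which assignments must be changed on the custom group rather than on the enterprise group during an access review.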

As an Organization Owner, you can also edit groups after they are created or added. For custom groups, you can edit the name and description, add or remove members, and change the role assignment of the group. For enterprise groups, you can only change the role assignment of the group.

As an Organization Owner, you create and manage groups, and, as your Organization expands and changes, add or remove members from your groups.


When you make changes to groups, it may take up to 30 minutes for the changes to take effect in the Organization.

  • How do I create a new group
    As an Organization Owner user, you can create new groups in your Organization and assign the group Organization and service roles. These groups are called custom groups.
  • How do I assign roles to enterprise groups
    If your domain is federated with Tanzu Platform cloud services, you can select groups from your corporate source domain and assign them roles in your Organization. These groups are called enterprise groups.
  • How do I manage shared groups
    When an Organization Owner user creates a custom group and associates it with other Organizations, the group becomes shared. The Organization Owners of the target Organizations receive an email invitation from the source Organization’s Owner to import the shared group and assign service roles.
