You can view and modify the details for user groups, including users, roles, and objects.

Where You Add User Groups

  1. To add a user group, from the left menu, click Administration, and then click the Access Control tile.
  2. Select the User Groups tab and then click the Add icon.
    Table 1. Add or Edit User Group - Name and Description Page
    Option Description

    Group Name

    Name of the user group, either created manually, imported from a single sign-on server, or imported from an LDAP database that resides on another machine.

    Description

    Description of the user group, indicating its purpose.

  3. After you enter the name and description, click Next
    Table 2. Add or Edit User Group - Assign Members and Permissions Page
    Option Description

    Members

    		Select the members associated with the user group.

    Objects

    Roles determine which actions users of the group can perform in the system. Select a role from the Select Role drop-down menu, and then select the Assign this role to the user check box. You can associate more than one role with the user group.

    Select which objects the users of the group can access when assigned this role.

    • Select Object Hierarchies: Displays groups of objects. Select an object in this list to select all the objects in the hierarchy.
    • Select Object: To select specific objects within the object hierarchy, click the down arrow to expand the list of objects. For example, expand the Adapter Instance hierarchy, and select one or more adapters.
    • Allow access to all objects in the system: Select this check box to permit users of the group access to all objects in the system.
    Note:

    The roles and object permissions are interlinked when you assign more than one role to a user. For example, if the user has both, ReadOnly and PowerUser roles, the permissions associated with the PowerUser role will apply. The PowerUser role includes the permissions associated with the ReadOnly role along with other permissions.

    If the user has a custom role and the PowerUser role and the permissions of the custom role are not included in the permissions of the PowerUser role. The permissions of both the roles are merged and applied to the user.

    The same rule (object permissions from different roles are merged) applies to the object hierarchies as well.