Managing user groups
You can create user groups to simplify the process of managing large groups of users.
User groups make it easier to manage a large number of users with similar access requirements. For example, if you know that 20 different users are going to collaborate on a project and they all need the Data steward role, you can add them to a group that is assigned the Data steward role. If a member of the group leaves the company, you can remove the user from the group, rather than looking for all of the assets that the user has access to.
- Permissions you need for this task
- To manage user groups, you must have one of the following permissions:
- Administer platform
- Manage user groups
- When you need to complete this task
- You can complete this task any time you need to create, edit, or delete a user group.
About this task
The type of group that you can create depends on your environment:
| Not integrated with an LDAP server | Integrated with an LDAP server | |
|---|---|---|
| Not integrated with the Identity Management Service | ||
| Integrated with the Identity Management Service |
Creating a user group without an LDAP server
If you have not connected to an identity provider, you can create a group by specifying the users that you want to include in the group.
To create a user group:
- Log in to IBM Software Hub.
- From the navigation menu, select .
- Open the User groups tab.
- Click New user group.
- Enter a name and a description for the role.
- Specify the users to include in the group.
You can select the existing platform users that you want to add to the group
If you have the Manage users permission and you don't see the user that you want to add to the group, you can create a new user.
- Click Next.
- Select the one or more roles that you want to assign to this group.
If you have the Manage platform roles permission and you don't see a role that meets your needs, you can create a new role.
- Click Next.
- Review the summary. If the values are correct, click Create.
Creating an assigned user group with an LDAP server
In an assigned user group, you must specify the platform users, LDAP users, and LDAP groups that belong to the user group.
To create an assigned user group:- Log in to IBM Software Hub.
- From the navigation menu, select .
- Open the User groups tab.
- Click New user group.
- Enter a name and a description for the role.
- If you integrated with the Identity Management Service, select Assigned. (If you are not integrated with the Identity Management Service the group is automatically an assigned group.)
- Click Next.
- Specify the users to include in the group.
The available options depend on whether your LDAP server has LDAP groups.
Groups Instructions LDAP does not have groups If LDAP is configured, you can select one or more of the following types of users: - Existing platform users
- If you want to add existing platform users to the group, click Existing users and select the users that you want to add.
- LDAP users
- If you want to add users from the LDAP server, click Identity provider users and search for the users that you want to add.
LDAP is configured with groups If LDAP is configured with groups, you can select one or more of the following types of users: - Existing platform users
- If you want to add existing platform users to the group, click Existing users and select the users that you want to add.
- LDAP users
- If you want to add users from the LDAP server, click Identity provider users and search for the users that you want to add.
- LDAP groups
- If you want to add all of the users in an LDAP group to the user group, click
Identity provider groups and search for the group that you want to add.
If you add users from an LDAP group, the users aren't immediately added to the IBM Software Hub user group. When a user logs in to IBM Software Hub, the platform determines whether the user is a member of an LDAP group. If the user does not have a profile, the platform creates a user profile and adds the user to the IBM Software Hub user group.
- Click Next.
- Select the one or more roles that you want to assign to this group.
If you have the Manage platform roles permission and you don't see a role that meets your needs, you can create a new role.
- Click Next.
- Review the summary. If the values are correct, click Create.
Creating a dynamic user group with an LDAP server
- Location
- Nationality
- Organization
- User type
Users are automatically added or removed from the user group based on the attributes that are assigned to them on the identity provider. For example, you create a user group for people managers (user type) in the finance group (organization) in Canada (location). If Annette is hired as a people manager for the finance group in Canada, she will automatically become a member of the group. Similarly, if Rajesh is transferred to Spain, he will automatically be removed from the group.
To create a dynamic user group:- Log in to IBM Software Hub.
- From the navigation menu, select .
- Open the User groups tab.
- Click New user group.
- Enter a name and a description for the role.
- Select Dynamic.
- Click Next.
- Define the membership rule for the group:
- Specify how the conditions are enforced:
- Choose All conditions (AND) to include users only if all of the conditions are met.
- Choose Any condition (OR) to include users if at least one condition is met.
- Specify one or more conditions by specifying:
- An attribute: Location, Nationality, Organization, or User type
- An operator: Equal, Not equal, Match, or Not match
- The value for the condition.
- Specify how the conditions are enforced:
- Click Next.
- Select the one or more roles that you want to assign to this group.
If you have the Manage platform roles permission and you don't see a role that meets your needs, you can create a new role.
- Click Next.
- Review the summary. If the values are correct, click Create.
When a user logs in to the platform, the user is automatically added or removed from the group based on the attributes that are assigned to them on the LDAP server.