Adding members to user groups

Because a user group does not contain members when you first create it, you must add users to the group.

Before you begin

If you are using Lightweight Directory Access Protocol (LDAP), membership of an external (LDAP) group cannot be modified.

You must be assigned the Security administration role with permission to Manage security (Full permission) to perform these steps.

About this task

You can use the console, the command line interface, or the REST API to complete this task. For the command line and REST API information, see the Related information section.

Procedure

  1. Click System > User Groups. If you are on 2.3.3.3, click Security and access > User Groups.
  2. Select a user group for which you want to add members.
    To find the user group, you can filter the groups by name or description.
  3. From the Group members field, click Add more in the menu field. Type the user you want to add and then click that user name.
    As you type the user name, a list of users matching what you have typed is displayed. You must click the user name to add the user to the group. Typing in user name does not add the user to the group. Adding a user to a user group results in the user being assigned the permissions of the user group. The previous level of permissions assigned to the user is not retained.
    Attention: If LDAP authentication is enabled, the membership of a group cannot be modified.
  4. Modify the permissions assigned to the user group. The following permissions are available:
    • Select the specific Workload Management sub-roles for the users in the group. A selected check box means the users has permission to perform that operation.
      • Create new patterns
      • Create new environment profiles
      • Create new catalog content
      • IBM License Metric Tool (ILMT)
    • From the list of roles, select specific Administrators roles for the users in the group.
      • Select the Allow delegation when full permission is selected option to allow a user from the group with at least one full permission role to grant and revoke security roles to and from other users.
      • Workload resources administration role
        • View all workload resources (Read-only)
        • Manage workload resources (Full permission)
      • Cloud group administration role
        • View all cloud groups (Read-only)
        • Manage all cloud groups (Full permission)
      • Hardware administration role
        • View all hardware resources (Read-only)
        • Manage hardware resources (Full permission)
      • Auditing role
        • View all auditing reports (Read-only)
        • Manage auditing (Full permission)
      • Security administration role
        • View users/groups (Read-only)
        • View all security resources (Read-only)
        • Manage security (Full permission)
    Note: A user is automatically granted the security role to deploy workloads. This security role assignment cannot be revoked. This security role assignment is not displayed on the console.
    For more information about these permission settings, see Understanding security roles for Cloud Pak System Software.
  5. If you want to delete a user from the group, click the Remove link located next to the user that you want to delete.
    No confirmation is required for the user to be deleted, therefore appropriate caution must be taken when administering your user group.