Because a user group does not contain members when you
first create it, you must add users to the group.
Before you begin
If you are using Lightweight Directory Access Protocol (LDAP), membership
of an external (LDAP) group cannot be modified.
You must be assigned the Security administration role with permission to Manage security (Full permission) to perform these steps.
About this task
You can use the console, the command line interface, or the REST API to complete this task. For the command line and REST API information, see the Related information section.
Procedure
- Click . If you are on 2.3.3.3, click .
-
Select a user group for which you want to add members.
To find the user group, you can filter the groups by name or description.
- From the Group members field, click Add
more in the menu field. Type the user you want to add
and then click that user name.
As you type the user name,
a list of users matching what you have typed is displayed. You must
click the user name to add the user to the group. Typing in user name
does not add the user to the group. Adding a user to a user group
results in the user being assigned the permissions of the user group.
The previous level of permissions assigned to the user is not retained.
Attention: If LDAP authentication
is enabled, the membership of a group cannot be modified.
-
Modify the permissions assigned to the user group. The following permissions are
available:
- Select the specific Workload Management sub-roles for the users in the
group. A selected check box means the users has permission to perform that operation.
- Create new patterns
- Create new environment profiles
- Create new catalog content
- IBM License Metric Tool (ILMT)
- From the list of roles, select specific Administrators roles for the
users in the group.
- Select the Allow delegation when full permission is selected option to
allow a user from the group with at least one full permission role to grant and revoke security
roles to and from other users.
- Workload resources administration role
- View all workload resources (Read-only)
- Manage workload resources (Full permission)
- Cloud group administration role
- View all cloud groups (Read-only)
- Manage all cloud groups (Full permission)
- Hardware administration role
- View all hardware resources (Read-only)
- Auditing role
- View all auditing reports (Read-only)
- Manage auditing (Full permission)
- Security administration role
- View users/groups (Read-only)
- View all security resources (Read-only)
- Manage security (Full permission)
Note: A user is automatically granted the security role to deploy workloads. This security role
assignment cannot be revoked. This security role assignment is not displayed on the console.
For more information about these
permission settings, see
Understanding security roles for Cloud Pak System Software.
- If you want to delete a user from the group, click the Remove link
located next to the user that you want to delete.
No confirmation
is required for the user to be deleted, therefore appropriate caution
must be taken when administering your user group.