Assigning Roles to User Groups

In this article, we demonstrate how to add user groups to a role. We are using an existing role Administrators Only.

To assign user groups to existing roles, follow these steps:

  1. Under the Members tab, in the Users list, click Edit User(s).

    For information about the Require all groups option, see the All Groups Requirement topic.

    Adding groups to role membership
    Editing List of Groups in Role Members
  2. The Role Assignment modal window for groups appears.

    Managing group membership in roles
    Managing Group Membership in Roles
  3. There are several options for adding groups to role membership:

    • Search

      If you have a long list of groups in the Members section, use the Search box to match group names, select them from the sub-list, and then click Add to move them to the right side of the modal window. Click Apply.

      Using Search to Assign the Group to Role Members
      Using Search to Assign the Group to Role Members
    • Select

      In the Members section, select the groups to assign to the role and click Add to move them to the right side of the modal window. Click Apply.

      Using Simple Select to Assign the Group to Role Members
      Using Simple Select to Assign the Group to Role Members
    • Select All

      To assign all groups to Members, select All to get all group names, and then click Add to move them to the right side of the modal window. Click Apply.

      Select all Groups to Assign to Members
      Select all Groups to Assign to Members
    • Adding Externally Defined Users; LDAP Authentication

      For convenience, the Role Assignment interface supports adding into the list of assignees user goups that are not stored locally. For example, known groups available through LDAP authentication may be added in this manner.

      Enter the new group name, and click Add. After the new group name appears in the Members section, select it and click Add to move the new group to the right side of the modal window. Click Apply.

      Adding New Groups in Role Assignment Modal
      Add New Groups in Role Assignment Modal
    • Remove

      To move groups out of Members, select the group(s) on the right side panel, and then click . Click Apply.

      Select all Groups to Remove from Members
      Removing Groups from Members
  4. The list of groups assigned to the role appears in the Role: Administrators Only interface, under the Members tab.

    Click Save. A confirmation of role update appears briefly on the screen.

    Result of Assigning Groups to a Role
    Groups Assigned to a Role

All Groups Requirement

The Require all groups option ensures that only members of ALL groups listed in the role membership fields have the role's defined access.

In the preceding example, the role Administrators Only is shared by members of both Administrators and Arcadians user groups. We did not select the Require all groups option, so all members of either group get the privileges of the role. However, if we check the Require all groups options, only users who are members of BOTH Administrators and Arcadians user groups get the privileges of the role.

Role membership defined for several user groups
Effect of Require all groups option

There are two other ways a user can be a member of the role, even when the Require all groups option is on:

  1. If the user is named specifically in the Users section of the membership page.
  2. For roles that are imported from the Sentry system, if the Groups section is empty, and the user is a member of ANY Sentry group.