Groups Management
How to Create and Manage Groups in the CDM Web Application
Categories:
The Groups Management Interface provides administrators with the tools to organize users into groups, a fundamental component of the Role-Based Access Control (RBAC) inside the CDM-Server.
This page allows you to create, view, update, and delete groups within the system, ensuring flexible and secure user management.
Types of Groups
There are three types of groups available on the Groups Management page:
- Local Groups: These groups are fully managed within the system. Administrators can add or remove users from these groups as needed to align with access requirements.
- Remote Groups: Remote groups are synchronized from external ID-provider (LDAPS and Azure). These groups list remote users in a read-only mode.
- Singleton Groups: These are system-generated groups that are automatically created when a user is either created (for local) or registered (for LDAPS and Azure). Each Singleton Group contains only the individual user for whom it was created. Singleton Groups are read-only, meaning additional users cannot be added to them, nor can the user be removed from their Singleton Group. A Singleton Group is a special case of a Local Group.
Creating a Group
- Click on the + button in the table header to open the Create Group dialog.
- Fill the Name field (multiple languages are allowed) and the Remote Id field (only for LDAPS and Azure)
- Click Save to add the group to the system. The new group will appear in the groups table.
Assigning and Removing Users
Once a Group has been selected, in the right panel of the Groups Management page, administrators can assign or remove users from normal groups to adjust access as needed:
- Assign Users: Click on the + button of the panel and select a one or more users from the “search users dialog” and add them to the selected group, granting them the permissions associated with the group’s roles.
- Remove Users: Click on the “trash” icon button once at least one user has been selected to revoke the associated permissions.