User groups

A user group associates multiple users with a role, enabling them to access network resources. Administrators can create user groups and assign a specific role to each group according to the type of network activities the user group is meant to perform. When a role is assigned to a user group, all users within the group have the same access to resources, as specified by the role.

You can assign multiple users to a group. Users can also be members of multiple groups.

Note: The set of Fabric Services System users global; that is, it is shared by all regions. However, each user account is granted separate access to each region by associating it with the specific operator group for that region. A region's operator group is automatically created whenever you configure a region in the Fabric Services System.

Because the Fabric Services System UI only displays information about regions to which the current user has access, and because so many objects are region-specific, the region operator groups to which a user account belongs have a significant impact on what that user can see and do within the Fabric Services System user interface.

Viewing a list of existing user groups

Follow this procedure to view a list of existing user groups.
  1. Click to open the main menu.
  2. Select User and Resource Management.
  3. Select User Groups from the drop-down list.

Predefined user groups

The following table shows the predefined system user groups. Each member of the user group is assigned the corresponding role and gains the resource access privileges associated with the role. These user groups represent collections of users that have been assigned specific system predefined roles.

You can also create customized user groups for users that require specific permissions.

Table 1. Predefined user groups
User Group Name Role Description
fabric_operator_grp fabric-operator Allows group members read/write access to all system resources except infra components (such as users, roles, and resource groups).
fabric_viewer_grp fabric-viewer Allows group members read only access to system resources.
fss_admin_grp fss-admin Allows group members admin privileges for all system resources in default name spaces.
ztp_grp ztp Allows group members access to node management resources.
<region>_operator_grp0 fabric-operator Allows group members to see and interact with objects associated with this region.

A region operator group is automatically created whenever you create a new region, and has the name <region>_opreator_grp where <region> is the name of the region.

Creating a user group

A user group can be configured initially without assigning users. If you want to add users to the group, you should also have some users configured.

Follow this procedure to create a new user group.

  1. From the main menu > User and Resource Management page, select User Groups from the drop-down list.
  2. Click + CREATE USER GROUP.
  3. Under the User Info heading, specify a user group name and add an optional description to describe the purpose of the group.
  4. Under the Assigned Users heading, select users to add to the user group. Click the check box next to a user's name to add them to the group.

    Optionally, you can create a user group without users, then add users later.

    You can sort and filter the list of users.

  5. Click CREATE.

Assigning the role of a user group

You can assign a role to a user group by editing an existing user group. A role can also be assigned when you create a group.

You can only assign one role per user group. If a user group has an assigned role, you can change the assignment.

Follow this procedure to assign a role to a user group.

  1. From the main menu > User and Resource Management page, select User Groups from the drop-down list.
  2. For a specific user group, click the options menu at the right end of the row.
  3. Select Open.
  4. Select Assigned User Roles from the left navigation menu.
    You can sort and filter the list of user roles.
  5. Select one of the listed roles to assign to the user group.
    You can only select one role.
  6. Click SAVE.

Deleting a user group

Follow this procedure to delete a user group.
  1. From the main menu > User and Resource Management page, select User Groups from the drop-down list.
  2. For a specific user group, click the options menu at the right end of the row.
  3. Click Delete.
    If prompted, confirm that you want to delete the selected user group.