User groups
A user group associates multiple users with a role, enabling them to access network resources. Administrators can create user groups and assign a specific role to each group according to the type of network activities the user group is meant to perform. When a role is assigned to a user group, all users within the group have the same access to resources, as specified by the role.
You can assign multiple users to a group. Users can also be members of multiple groups.
Because the Fabric Services System UI only displays information about regions to which the current user has access, and because so many objects are region-specific, the region operator groups to which a user account belongs have a significant impact on what that user can see and do within the Fabric Services System user interface.
Viewing a list of existing user groups
-
Click
to open the main menu.
- Select User and Resource Management.
- Select User Groups from the drop-down list.
Predefined user groups
The following table shows the predefined system user groups. Each member of the user group is assigned the corresponding role and gains the resource access privileges associated with the role. These user groups represent collections of users that have been assigned specific system predefined roles.
You can also create customized user groups for users that require specific permissions.
| User Group Name | Role | Description |
|---|---|---|
| fabric_operator_grp | fabric-operator | Allows group members read/write access to all system resources except infra components (such as users, roles, and resource groups). |
| fabric_viewer_grp | fabric-viewer | Allows group members read only access to system resources. |
| fss_admin_grp | fss-admin | Allows group members admin privileges for all system resources in default name spaces. |
| ztp_grp | ztp | Allows group members access to node management resources. |
| <region>_operator_grp0 | fabric-operator | Allows group members to see and interact with objects associated
with this region. A region operator group is automatically created whenever you create a new region, and has the name <region>_opreator_grp where <region> is the name of the region. |
Creating a user group
Follow this procedure to create a new user group.
-
From the main menu > User and Resource Management page, select User Groups from the
drop-down list.
- Click + CREATE USER GROUP.
- Under the User Info heading, specify a user group name and add an optional description to describe the purpose of the group.
-
Under the Assigned Users heading, select
users to add to the user group. Click the check box next to a user's name to add
them to the group.
Optionally, you can create a user group without users, then add users later.
You can sort and filter the list of users.
- Click CREATE.
Assigning the role of a user group
You can only assign one role per user group. If a user group has an assigned role, you can change the assignment.
Follow this procedure to assign a role to a user group.
-
From the main menu > User and Resource Management page, select User Groups from the
drop-down list.
-
For a specific user group, click the
options menu
at the right end of the row.
- Select Open.
-
Select Assigned User Roles from the left navigation menu.
You can sort and filter the list of user roles.
-
Select one of the listed roles to assign to the user group.
You can only select one role.
- Click SAVE.
Deleting a user group
-
From the main menu > User and Resource Management page, select User Groups from the drop-down
list.
-
For a specific user group, click the options menu
at the right end of the row.
-
Click Delete.
If prompted, confirm that you want to delete the selected user group.