×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

   

This documentation supports releases of BMC Helix Portal up to December 31, 2021. To view the latest version, select the version from the Product version menu.
BMC Helix Portal 21.3 Setting up role-based access control

User groups

User groups are a collection of users. As a tenant administrator, you can create user groups manually, sync user groups from an external identity provider (IdP), or sync user groups from another BMC product to provide cross–product access. Imported or synced groups are treated as external groups. For more information, see User identities

The following image describes the different types of user groups:

You can use user groups to simplify the process of managing permissions for individual users. For example, if a user in the "Product Admins" user group switched roles in the organization, instead of changing the user's permissions, you can remove the user from the current user group and add it to the new user group. Conversely, if a new user joins the "Product Admins" team, instead of providing specific permissions to the new user, you can add the new user to the existing "Product Admins" user group.

You can assign permissions to user groups, by assigning those user groups to the appropriate roles. You can also assign permissions to individual users. Assigning permissions to individual users might be required in scenarios where you want to assign specialized or sensitive permissions to a specific user for a limited duration of time.

Best practice

If you need to provide unique permissions to individual users for a long duration of time, we recommend that you let such users inherit permissions from user groups. Otherwise, it can become cumbersome and inefficient to manage a mix of user groups with inherited permissions and users with unique permissions.

The following points can help you better understand how user groups function:

  • User groups can contain users only. 
  • User groups can contain multiple users and a user can belong to multiple user groups.
  • User groups can be manually created or synced from an external identity provider (IdP).

Is there an out-of-the-box group that will by default include all the users under a tenant?

No. If you want a user group that includes all the users under a tenant, you need to create it and manually assign each user to it.

For example, the following image shows the user groups and associated users for Tenant A. The tenant administrator creates the Admin user group and assigns the user Ron to the Admin group. Ron creates other user groups for developers, QA, and DevOps users. Each of these user groups include human users with console access and API users with programmatic access. Each user belongs to a separate user group except Mike who is part of both the Dev user group and the DevOps user group.   


Where to go from here

To manually create, edit, or delete a group, see Setting up user groups.


Was this page helpful? Yes No Submitting... Thank you
Last modified by Sulekha Gulati on Jan 03, 2022
administration authorizations concept security

Comments

Log in or register to comment.

Setting up user-level API keys
Setting up user groups
© Copyright 2020-2021 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.