
Creating user groups

User groups are used to authorize access to resources.

Before you begin

You can manually create user groups in the local repository. Local user groups contain local and cloned users.

You can clone any user groups that are defined in an external LDAP server. The cloned LDAP user group is named {domain}\{groupName} in the local repository. This cloned user group can be used only to authorize access to resources. Changes to the group name, description, and membership must be done through LDAP.

Before an external LDAP user can log in to XClarity Orchestrator, the user must be a direct member of an LDAP user group that is cloned in XClarity Orchestrator.

If the LDAP server configuration is set up to use login credentials and if you logged in to XClarity Orchestrator using a local XClarity Orchestrator user ID, you are prompted to provide LDAP user credentials when you clone an LDAP user group. In all other cases, your credentials are not required.

About this task

XClarity Orchestrator provides the following predefined user groups, one for each predefined role. For more information about roles, see Controlling access to functions.
  • Supervisor Group. Users in this user group are assigned the Supervisor role.
  • Hardware Administrator Group. Users in this user group are assigned the Hardware Administrator role.
  • Security Administrator Group. Users in this user group are assigned the Security Administrator role.
  • Reporter Group. Users in this user group are assigned the Reporter role.
  • Updates Administrator Group. Users in this user group are assigned the Updates Administrator role.
  • Operator Group. Users in this user group are assigned the Operator role.
  • Operator Legacy Group. Users in this user group are assigned the OperatorLegacy role. Note that this user group will be deprecated in a future release.

At least one user must be a member of a local user group to which the predefined Supervisor role is assigned (see Controlling access to functions).

Before an external LDAP user can log in to XClarity Orchestrator, the user must be a direct member of an LDAP user group that is cloned in XClarity Orchestrator (see Creating user groups). XClarity Orchestrator does not recognize users that are members of user groups that are nested in the cloned LDAP user group defined in the external LDAP server.

Procedure

To create a user group, complete the following steps.

  • Create a local user group
    1. From the XClarity Orchestrator menu bar, click Administration (Administration icon) > Security, and then click User Groups in the left navigation to display the User Groups card.
    2. Click the Create icon (Add icon) to display the Create group dialog.
    3. Select Local User Group as the group type.
    4. Specify the name and optional description for this user group.
    5. Click the Available Users tab, and select the users that you want to include in this user group.
    6. Click the Roles tab, and select the roles that you want to assign in this user group.

      If a role is not selected, the Operator role is assigned by default.

    7. Click Create.
  • Clone a user group from an external LDAP server
    1. From the XClarity Orchestrator menu bar, click Administration (Administration icon) > Security, and then click User Groups in the left navigation to display the User Groups card.
    2. Click the Create icon (Add icon) to display the Create group dialog.
    3. Select LDAP User Group as the group type.
    4. Optionally specify a description for the group.
    5. Select the LDAP configuration for the external LDAP server that contains the user group that you want to add.
      Tip
      Begin typing to find all group names that contain the specified keyword.
    6. If the external LDAP server is configured using login credentials, specify the username and password to log in to the external LDAP server.
    7. Specify a search string (with at least three characters) in the Search Group field, and click Search to find user groups in the external LDAP server that match the search string. Then, select the group that you want to add.
    8. Click the Roles tab, and select the roles that you want to assign in this user group.

      If a role is not selected, the Operator role is assigned by default.

    9. Click Create.

After you finish

You can perform the following actions from the User Groups card.
  • Modify the properties, local membership, and roles of a selected user group by clicking the Edit icon (Edit icon).
    Notes
    • When you add or remove a user from a group, the user is automatically logged out if the roles (permissions) changed after the new group assignment. When the user logs in again, the user is allowed to perform actions based on the aggregated roles of the assigned user groups.
    • Each user must be a member of at least one user group. If you set this attribute to an empty array or null, OperatorGroup is assigned by default.
    • For predefined user groups, you can modify only group membership.
    • For LDAP user groups, you can modify only the description and roles. Use the external LDAP server to change other properties and membership.
  • Delete a selected user group by clicking the Delete icon (Delete icon).
    Note
    You cannot delete predefined user groups.
  • View the members of a user group by clicking the group name to display the View group dialog and then clicking the Members Summary tab.
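
The direct-membership rule for cloned LDAP groups and the role aggregation described in the notes above can be checked against a directory export before groups are cloned. The following Python is an added example, not Lenovo code and not an XClarity Orchestrator API; the directory data, group names, and user names are constructed, and treating "aggregated roles" as the union of each group's roles is an assumption.

```python
# Constructed sample directory: each LDAP group lists its direct user members
# and the groups nested inside it. All names here are made up.
LDAP_GROUPS = {
    "xco-admins":  {"users": {"alice"}, "groups": {"dc-ops"}},
    "dc-ops":      {"users": {"bob", "carol"}, "groups": {"night-shift"}},
    "night-shift": {"users": {"dave"}, "groups": {"dc-ops"}},  # nesting loop
    "auditors":    {"users": {"carol", "erin"}, "groups": set()},
}

# LDAP groups cloned into the orchestrator, with the roles selected for each.
# An empty selection falls back to the Operator role, as the procedure states.
CLONED_GROUPS = {"xco-admins": {"Supervisor"}, "auditors": set()}
DEFAULT_ROLE = "Operator"


def nested_only_members(group, directory):
    """Users reachable from `group` only through nested groups (loop safe)."""
    seen, stack, found = {group}, list(directory[group]["groups"]), set()
    while stack:
        child = stack.pop()
        if child in seen or child not in directory:
            continue
        seen.add(child)
        found |= directory[child]["users"]
        stack.extend(directory[child]["groups"])
    return found - directory[group]["users"]


def audit_cloned_groups(directory, cloned):
    """Return (roles per recognized user, users who rely on nesting alone)."""
    roles, via_nesting = {}, {}
    for group, selected in cloned.items():
        effective = set(selected) or {DEFAULT_ROLE}
        for user in directory[group]["users"]:        # direct members only
            roles.setdefault(user, set()).update(effective)   # assumed: union
        for user in nested_only_members(group, directory):
            via_nesting.setdefault(user, set()).add(group)
    # Direct membership of any cloned group is enough to log in.
    blocked = {u: g for u, g in via_nesting.items() if u not in roles}
    return roles, blocked


if __name__ == "__main__":
    roles, blocked = audit_cloned_groups(LDAP_GROUPS, CLONED_GROUPS)
    for user in sorted(roles):
        print(f"{user}: can log in, roles={sorted(roles[user])}")
    for user in sorted(blocked):
        print(f"{user}: cannot log in, nested under {sorted(blocked[user])}")
```

In this sample, carol ends up with the Operator role only: her path to xco-admins runs through a nested group, so the Supervisor role selected for that cloned group does not reach her.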