An access group is a collection of users that the system
uses to control permissions.
Use
the panel to create new access groups,
to add or remove users, and to modify group properties. The panel
displays a list of existing access groups. Click the name of a group
to select it and display its properties in the lower portion of the
panel.
- To create a new group, click Add Group to
clear the fields in the lower portion of the panel (if needed). Then,
give the group a Name and select an Owner group.
(The Owner group controls access to the new group. To edit
a group, a user must be a member of the Owner group).
If you are using LDAP authentication, fill out the LDAP Group DNs
field to tell the system which LDAP groups to map to your group. For
example, you might map the Developer group to an LDAP group named
SoftwareEngineers, and then assign permissions to the Developer group
to provide the type of access you want your software engineers to
have.
- In the LDAP Group DNs field, list the Distinguished Names of all
the LDAP groups whose members should receive the Management Console
security privileges associated with this access group.
- You can map multiple LDAP groups to any access group. You can
use the asterisk (*) character in this property to give all LDAP users
membership in this access group. You can list multiple LDAP groups
and separate them with semicolons.
- To delete an access group, select the group, and then click Delete.
Note: You
cannot delete access groups that are assigned as an Access property
elsewhere. For example, if you create an access group and set the Access property
of a project to use it, you cannot delete the group. You must first
edit the project to use another access group.
- To add or remove users, select the group, and then click the Users tab.
The system displays a list of nonmembers on the left and members on
the right. Select users and use Add and Remove to
move them from one list to another.
Note: LDAP users who have "Map
Access Group Mapping" set to "yes" will not show up in the Users tab.
This behavior ensures that the "Map Access Group Mapping" setting
actually performs the group mapping without being contradicted by
Build Forge manual settings.
- To nest groups, add a group as a subgroup of another group. When
you do this, all the permissions that apply to the containing group
apply to all the users in member groups as well. To make one group
a subgroup of another, select the desired parent group, and then click
the Subgroups tab in the lower portion of the
panel. Select the groups you want to make into subgroups, and then
click Add. You can recursively nest groups,
for example, add a parent to a child so that group A contains group
B which contains group A. If you do this, the system treats all members
of group A as members of group B, and vice versa.
- To manage the permissions for a group, choose the group, and then
click the Permissions tab. You can view the
current permissions for the group and add or remove permissions.