WANdisco

14 Group Management

The Group Management functions allow an administrator to:

WANdisco Groups are hierarchical, with parent-child associations between groups and their sub-groups. Groups provide a convenient way of organizing multiple users into a related category, both for controlling access and for searching for users. It is recommended that you set up ACLs on a group basis rather than per user (both are allowed) for easier management of security policies.

14.1 How to create new Roles or Groups

The first step towards setting up security is to map the organization or project structure to WANdisco Groups (also referred to as Roles in security literature). The groups are hierarchical. If a user belongs to a parent group, the child groups automatically inherit the users in the top-level parent groups. In the same way, Access Rules or ACLs attached to child groups are automatically applied to the parent groups. Before creating new groups, it is important to work out the parent-child hierarchy. For instance, an engineering team may be split up along geographical sites: sanramon-engr, tokyo-engr. These two groups may belong to a parent group: engr. Within the sanramon-engr group there may be a role-based hierarchy: sanramon-project-projectlead, sanramon-qa.

Image create_group

To add a new group, click on the Create Group option in the security menu and specify its name. The name can contain any character, including white-space; there are no restrictions. The group name is the primary key into the group database and cannot be changed. If you need to change it, delete the group and add a new one with a different name. The Description field can contain any relevant text describing the group. The WANdisco for CVS Enterprise Edition automatically tracks the creation and modification time-stamps of the groups.

Once a group is created, you can start assigning users to it.

Please note that a system group, Admin, always exists in the WANdisco for CVS Enterprise Edition. As mentioned in the ACL section below, a user belonging to the Admin group gets Admin privileges, which include List, Read, Write privileges on all resources.

14.1.1 Sub-Group Assignment

The group is assigned under the checked group as a sub-group. To de-assign, uncheck the checkbox and click 'Save Details'. Note that by selecting a group, this group is automatically assigned as its sub-group. A sub-group can have exactly one parent. Clicking on the edit icon will allow you to edit the specific group.

14.2 How to delete Roles or Groups

From the security web console, click on an edit Group icon to go to the Edit Group page. The edit Group icons are visible from any Group management page. Click on the delete button to remove a group.

When a group is deleted, it is also removed from all users who previously belonged to that group. The ACLs associated with the group are not deleted, but they no longer apply. You can edit them and assign them to a different group.

14.3 Add or Remove Users from a Group

On the Web console, the Add or remove function under Group management is context-aware. When you select a group by clicking on its checkbox, only users that can be added or removed are shown. This ensures you don't have to worry about duplicate users when adding them to a group. You can use it to quickly add/remove multiple users to/from a given group or sub-group.

Image assign_users

If a user has been added to a parent group, they automatically belong to any sub-groups underneath it, so there is no need to add them to the sub-groups. For example, when you add users to a sub-group, the context-aware web UI shows users who are not in its parent groups.

For the initial setup you can also use the bulk user import option to quickly import multiple users and their associated groups.

14.4 Group membership

To quickly view a list of users who belong directly to a specific group, click on the "List users only in this group" hyperlink in the Edit Group page. To view the list of all users, including the ones inherited from ancestor groups, click on the "List all users including inherited from parent groups" hyperlink.
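
The following is an added example, not WANdisco code: a small model of the inheritance rule from sections 14.1 and 14.3 that reproduces the two list views above and shows which groups' ACLs reach a given user. The group names come from the example in 14.1; the user names, data structures and function names are constructed for illustration.

```python
# Added illustration: a model of the inheritance rule described on this page.
# It is not WANdisco code; all names and sample data below are constructed.

# child group -> parent group (a sub-group has exactly one parent)
PARENT = {
    "sanramon-engr": "engr",
    "tokyo-engr": "engr",
    "sanramon-qa": "sanramon-engr",
}
# group -> users assigned directly to it (constructed sample users)
DIRECT = {
    "engr": {"alice"},
    "sanramon-engr": {"bob"},
    "tokyo-engr": {"chika"},
    "sanramon-qa": {"dave"},
}


def ancestors(group, parent=PARENT):
    """Return the chain of parent groups, nearest first; reject cycles."""
    chain, seen = [], {group}
    while group in parent:
        group = parent[group]
        if group in seen:
            raise ValueError(f"cycle in group hierarchy at {group!r}")
        seen.add(group)
        chain.append(group)
    return chain


def users_only_in(group, direct=DIRECT):
    """Equivalent of the 'List users only in this group' view."""
    return set(direct.get(group, ()))


def all_users(group, parent=PARENT, direct=DIRECT):
    """Equivalent of 'List all users including inherited from parent groups'."""
    members = users_only_in(group, direct)
    for g in ancestors(group, parent):
        members |= users_only_in(g, direct)
    return members


def effective_groups(user, parent=PARENT, direct=DIRECT):
    """Every group whose ACLs reach this user, directly or by inheritance."""
    groups = set(direct) | set(parent) | set(parent.values())
    return {g for g in groups if user in all_users(g, parent, direct)}


if __name__ == "__main__":
    for g in sorted(DIRECT):
        print(g, sorted(users_only_in(g)), sorted(all_users(g)))
    print("alice:", sorted(effective_groups("alice")))
```

In this model a user placed in the top-level group (alice in engr) is an effective member of every descendant group, so membership of top-level groups deserves the closest review when auditing access.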

14.5 How to find the files/directories accessible by a Group

Image edit_group

Go to the Edit Group page for the group. Scroll down to the "Resource Details" panel. The resource table contains the listing of all the files and directory patterns (regular expressions) and corresponding ACLs applicable to the specified group. You can click on the ACL hyperlink to edit the associated rule.