Access groups
Access groups
Learn how to manage access groups, which are groupings for organizing Users, Service IDs, or a combination of both into a single entity that facilitates assigning Access Policies to multiple subjects at a time.
The main benefit of having Access Groups is that you can add or remove Users or Service IDs to the Access Group, as well as assigning it one or more Access Policies that could continue to be managed in a centralized construct, instead of adding the same Access Policies individually to all the Users or Service IDs; this facilitates the onboarding experience by managing just a few steps in the process.
The following permissions are needed to be able to manage Access Groups and Access Policies. The
Platform Administrator
role, which is the out-of-the-box role granted to you when the account is first created, is the only role that includes all these permissions. Alternatively, as a Platform Administrator
, you can create Custom Roles and assign them the Access Groups and Access Policies permissions.Permission | Description |
|---|---|
iam.accessgroups.view | Allow to view Access Groups |
iam.accessgroups.create | Allow to create Access Groups |
iam.accessgroups.update | Allow to update Access Groups |
iam.accessgroups.delete | Allow to delete Access Groups |
iam.accessgroups-rules.view | Allow to view Access Groups rules |
iam.accessgroups-rules.add | Allow to add Access Groups rules |
iam.accessgroups-rules.delete | Allow to delete Access Groups rules |
iam.accessgroups-members.view | Allow to view Access Groups members |
iam.accessgroups-members.add | Allow to add members to Access Groups |
iam.accessgroups-members.delete | Allow to delete members to Access Groups |
Accessing the Access Groups page
The Access Groups page allows you to create, edit, and view Access Groups. At the same time, you can add and remove users from the Access Groups, and even create an Access Policy into the Access Groups. In this way, you can control your access management needs quickly and efficiently.
To navigate into the Access Groups page, follow these steps:
- Access the IAM page.
- SelectAccess Groupsfrom the left navigation bar of the page. A new page is displayed.
Once in the Access Groups page, you can perform a series of actions to personalize your access management needs, including the following:
- Creating a new Access Group
- Editing an Access Group
- Deleting an Access Group
- Adding Users to an Access Groups
- Removing Users from an Access Groups
- Adding Access Policies to an Access Group
- Removing Access Policies from an Access Group
- Viewing Access Policies
- Adding Rules to an Access Group
- Viewing, editing, and deleting rules
- Adding Service IDs to an Access Group
Creating a new Access Group
- ClickAdd New.
- SelectAdd an Access Group. The Add Access Group page opens.In this page, complete the following information to add a new Access Group:
- Access Group Name:Enter the name of the Access Group.
- Description:Enter an optional description.
- ClickAddto finish.
The
Access Group
list is automatically updated with the new Access Group been displayed.Editing an existing Access Group
- Click theoverflow menunext to the Access Group that you want to edit.
- SelectView Details. The Details page for the Access Group selected opens.
- ClickSettingsand thenEditat the top of the page The Settings Details page opens.
- Make all necessary updates, and clickUpdateto finish.
After Step 2, when you are in the Details page for the Access Group, you can also perform other actions, including the following:
- Adding Users
- Assigning Access Policies
- Adding Service ID
Add New
, and selecting the appropriate action.Deleting an existing Access Group
- Click theoverflow menunext to the Access Group that you want to edit.
- SelectDelete, and confirm the deletion by typing the name of the Access Group.
Adding Users to an Access Group
To add a new User to this Access Group, follow these steps:
- Select the Access Group that you want to edit.
- ClickAdd New.
- SelectAdd Users. TheAdd Users to Access Grouppage opens.
- In this page, a dropdown menu displays a list of users that you can select from. Make your selection and clickAddat the bottom of the page to finish.
The
Users
list from that specific Access Group
is automatically updated and the new User is displayed.Removing Users from an Access Group
To remove a User from an Access Group, follow these steps:
- Select the Access Group that you want to edit.
- SelectUsersfrom the left navigation bar, if not already selected.
- Click theoverflow menunext to the User that you want to remove.
- SelectRemove, and confirm the removal by typing the name of the user.
You can remove several users from an Access Group in bulk. To do so, select the checkbox next to each of the users and click
Remove
at the top of the Users list. Viewing Users
To view all the Users in a particular
Access Group
, simply access the Access Group page and confirm that the Users
tab is selected. You can use the filter and search capabilities to do more specific searches. Adding Access Policies to an Access Group
You can assign Access Policies to resources depending on your level of access.
To add a new Access Policy to an Access Group, follow these steps:
- Access theAccess Groupsthat you want to add an Access Policy to.
- Click the overflow menu and selectView details.
- From the left navigation bar, selectAccess Policy.
- Click theAssign Access Policybutton. A new page is displayed.
- Complete the following information:
- Select Service:Select the service available from the dropdown menu.
- Select Scope:Based on the service that you selected, click the radio button that applies to your selection:
- If you selectAll resources, the Access Policy is assigned to all resources within the Access Group.
- If you selectResources based on selected attributes, you can add acccess tags or attributes for a more specific access selection.
- Access Tags: Select and access tag from the dropdown list.
- Attributes: Select an attribute from the dropdown list. You can add all the existent attributes by clicking theAdd attribute +link.
- Based on the attribute selected, select theattribute nameandattribute valuefrom the dropdown list. The attribute operator is set equal by default.
- Select Role:Select the Platform role or roles that you want to assign to this Access Policy. You may also select one of the Custom Roles that you have created.
A tag number lets you know how many permissions are associated to that specific role. Click said tag number to learn about the permissions' descriptions. - ClickAddat the bottom of the page to complete the request.
The
Access Policies
list from that specific Access Group
is automatically updated and the new Access Policy is displayed.Removing an Access Policy from an Access Group
To delete an Access Policy from an Access Group, follow these steps:
- Navigate to theAccess Grouppage and select theAccess Policiestab from the left navigation bar.
- Click theoverflow menunext to the Access Policy that you want to remove.
- SelectDelete, and confirm the deletion.
Viewing Access Policies
To view all the Access Policies associated to an Access Group, simply access the
Access Group
page and navigate to the Access Policies
tab from the left navigation bar. This list of Access Policies displays specific information such as the services, roles, and resources. You can use the filter and search capabilities to do more specific searches.Adding Service IDs to an Access Group
To add a Service ID to an Access Group follow these steps:
- Navigate to the Access Group of your choice.
- ClickAdd New.
- SelectAdd Service ID. The Add Service ID(s) to [Name of the Access Group] page opens.
- Select one or more Service IDs to be added.
- ClickAdd.
If all available Service IDs have already been assigned to the Access Group, a message lets you know of this.
Do you have two minutes for a quick survey?
Take Survey
