Introduction
This article covers the basics of the Groups feature, including what it is and how to use it in the Dispel Dashboard.
What is the Groups Feature?
Groups streamline admin workflows by simplifying user management and permission assignments. Key benefits include:
Efficient Onboarding: Automatically assign a bulk of new users predefined permissions during setup.
Bulk Actions: Apply user permissions and device Access Control Lists (ACLs) to multiple users simultaneously.
For example, if all group members need RDP access to a device, you can grant access to the entire group with a single action—no need to manually update each user.
This feature enables seamless scaling for your organization’s Dispel deployment. Whether managing a handful or hundreds of users, a few clicks update permissions and ACLs across the board, saving time and ensuring consistency.
Groups Walkthrough
Creating a Group
Navigate to the "Groups" page on the left-hand navigation bar in the Dashboard and click "+ Add Group" at the top of the page.
Select "Add Organization Group" or "Add Facility Group".
Organization Group: Can have permissions set across your entire organization. Use this for users who need access to multiple facilities.
Facility Group: Can have permissions scoped to a single facility.
Creating an Organization Group
Fill in a name for your Organization Group and a description. Then select "Create Group".
Creating a Facility Group
Fill in a name for your Facility Group, a description, and select the facility this group will have access to. Then, select "Create Facility Group".
Configuring Group Permissions at the Region and Facility Levels
Now that your group is created, you will need to assign permissions to the group similar to how you would assign permissions to an individual.
Adding Regions and Facilities
First, you will need to determine which Regions and Facilities this group will be accessing, as well as the role they should have at each of these levels.
Select the Group you just created.
For an Organization Group: Select the "Regions and Facilities" sub-tab in the right panel for your selected Group.
From here, you will be able to add any Regions you are an admin of, as well as Facilities in those Regions.
Beside each listed Region or Facility, select the blue drop-down button to change the permissions at each role-level.
For a Facility Group: Select the "Permissions" sub-tab in the right panel for your selected Group.
Beside the listed Facility, select the blue drop-down button to change the role-level permissions. A Facility Group will always have "User" permissions at the Region level.
💡 Not Sure What Permission Levels To Assign?
Check out this guide on Creating a Proper Permissions Hierarchy for Operational Technology.
Removing Regions and Facilities
Navigate to the Regions and Facilities tab on the Groups page, select the region or facility you’d like to remove, and then click Remove and refresh.
Assigning Device ACLs to a Group
Now that role-level permissions are set at the Region and Facility levels, you will need to determine which devices users in this group will be accessing, and over which ports and protocols.
Select the Group you created in the "Groups" tab.
Select the "Access" sub-tab in the right panel for your selected Group.
You will see all devices within the Facilities your Group is a member of listed here.
Click on the port/protocol you want to grant the Group access to. A green pill indicates that the group has access to a particular port/protocol, while a white pill shows restricted access.
Update the device ACLs as needed and select "Set ACL rules" to update your organization's network rules within seconds.
Adding and Removing Stacks to and from a Group
Now that you have restricted the Groups access to specific Regions, Facilities, Devices, Ports, and Protocols, you must grant them access to the workstations they will need to connect downstream.
Select your Group from the "Groups" tab.
Select the "Stacks" sub-tab in the right panel for your selected group.
Select "Add Stacks" and select the stacks you would like to add. Note that only Stacks associated with the Region your Group is in will appear.
To remove a stack from a Group, simply select the box beside the Stack and remove it.
Adding and Removing Members to and from a Group
Now that your Group is fully configured with the Regions, Facilities, Devices, and ACLs it needs to be associated with, you can add your Organization users to the group! Dropping a user into this group will allow the user to automatically inherit all of the Group's permissions and configurations.
From the "Groups" tab in the left menu, select the group you selected.
Select the "Members" sub-tab in the right panel for your selected Group.
Select "Add members".
Select the members you’d like to add from the list, and then click "Add members and refresh".
Members can be removed by highlighting them in the members tab and clicking Remove members and refresh.
Editing a Group Name or Description
Navigate to the "Groups" tab in the left menu and select the Group you created.
Navigate to "Settings" sub-tab in the right panel for your selected Group.
Under "General", you can alter the name and description of the group and click "Submit changes and refresh" to update them.
Deleting a Group
Navigate to the "Groups" page and click on the group you would like to delete.
Navigate to "Settings" sub-tab for your selected Group.
Click the "Delete Group" tab, and then click the "Delete Group" button after reading the warning message.
Next Steps
Now that you have created a Group, you can onboard users at scale using Vendor Self- Onboarding links!
Additionally, if your Organization requires users to request access, your Group members will not be able to connect downstream without an active access window. While you can wait for each individual to request access, you can also proactively create an access window for an entire group.
To learn more about how to maximize the power of Groups, click on the articles below!