All Collections
Administration
New Access Control
Access Control Groups
Access Control Groups

Learn more about groups and their permissions.

J
Written by Júlio César
Updated over a week ago

IMPORTANT: This documentation has been discontinued. Read the updated Access control groups documentation on our new documentation portal.

Groups are associations between a set of users with one or more roles and their respective environment (test or production). You can create, edit and archive a group.

The group creation has: name, description and the users list of the group. After creating a group, it is necessary to edit its permissions.

In this step, it is possible to add, remove and change the bindings, which are the associations between a role (and their respective permissions) and the environments where they will be applied. A group can have zero or more bindings.

If the selected role for a group has only permissions for services that do not require an environment definition, the environment field will be disabled (Ex: permissions for the Global and Account services do not require an environment definition).

Before starting:

Read the following articles and learn more about groups:

How to create a new group

  1. Sign in to the Digibee Platform;

  2. Click the “Administration” icon;

  3. Enter the "Groups" menu option;

  4. Click the + CREATE button in the upper right corner;

  5. Fill in the name and description fields and if you want to include users already, select the users who will be listed on the group;

  6. After filling in, click the SAVE button;

  7. Search for the group in the search bar;

  8. Click the “Edit” icon;

  9. A group editing window will open, click on "Permissions";

  10. On this window, click the "+ Binding" button;

  11. Select the paper and the environment;

  12. Click the SAVE button

IMPORTANT: It is possible to bind one or more roles to the same group, creating a permissions build-up

How to edit a group

Follow the next steps to edit a group:

  1. Sign in to the Digibee Platform;

  2. Click the “Administration” icon;

  3. Enter the "Groups" menu option;

  4. Search for the group in the search bar;

  5. Click the “Edit” icon;

  6. The group editing window will open, allowing you to add new members or change group permissions;

  7. Do the desired changes;

  8. Click the SAVE button

IMPORTANT: When editing a group, the reason for the change will be asked for archival (historical) purposes, because when editing the bindings between the roles and groups assigned to that group may lose access to the Platform." Access the Platform's audit interface to see a group's change history.

How to archive a group

Follow the next steps to archive a group:

  1. Sign in to the Digibee Platform;

  2. Click the “Administration” icon;

  3. Enter the "Groups" menu option;

  4. Search for the group in the search bar;

  5. Click the “Archive” icon;

  6. Fill in the reason for the group's archival;

  7. After filling in, click the ARCHIVE button;

IMPORTANT: When archiving a role, you will be asked for a reason for the change history. Because any users binded to the archived group will lose access to the permissions assigned by that group. Access the Platform's audit interface to see a group's change history,

FAQs

Must users be assigned to a group?

No. However, Users that are not assigned to any group will only have access to viewing and changing their profiles.

What is the relationship between groups and users?

A user can be assigned to one or more groups and inherit the permissions associated with the groups they are listed on.

In case that there are users listed on more than one group, the final result of their permissions will be a sum of the permissions between all the groups that they are assigned, based on environments of each binding.

For example:

If in a group “Test”, the user can make deploys in the test environment and in another group “production”, they can make deploys in production, the final result will be that the user will have access to make deploys in “production” and in “test”

This information is very important when removing a permission from a user. Because, if they are assigned to several groups with repeated permissions, by removing access from only one group (or from the role contained in the group), the user will still be able to have access to the Platform's resources.

How can I remove one or more permissions of a user in the Platform?

When clicking “Edit a User”, the Platform presents a window with a list of all the groups they belong to and another with a summary of all their permissions.

It is recommended that if you remove the users of the groups and review their permissions in the “Permissions summary”, located in the User Details interface, if the permission was really removed.

Is the group creation fully customizable?

Yes. It is only necessary that the user has the USER GROUP permission: TO CREATE (GROUP: CREATE) and USER GROUP: UPDATE (GROUP:UPDATE), to respectively create and edit groups and their links on the Platform.

What happens when a permission is removed from a role that is associated to a group?

The moment the permission is removed from the role, all groups that had that role as a binding will lose access.

However, it is important to note that a group can have multiple links, that is, multiple roles applied to different environments, and eventually, when removing a permission from a role, the group can continue with the access that was removed due to an eventual permissions build-up.

In order to remove only one user (that is, removing the association to one or more groups) it is recommended to edit the user directly.

Related Articles
New Access Control model
Basic Concepts about Users
Access Control Roles
New Access Control Transition
Integration of IdP groups with Digibee groups
Did this answer your question?