Groups

Description

Groups are a convenient way to apply policies to a collection of users. Groups allow administrator users to specify permission for multiple users in a quick and easy way. Groups are managed in a hierarchical way. A user can belong to a group, and that user will be assigned the roles of this group and all the roles that this group inherits from its parent.

Companies are organized in different ways as business units, departments, or workgroups. In Soffid, they all are named as groups.

Some systems, like Active Directory, use ~~the~~ groups to control or restrict access to resources. A Soffid Group is more ~~like~~similar to an Active Directory ~~OU.~~organisational unit (ou) than to the group itself.

Screen overview

Related objects

~~User~~Group types : a group can be a group type.
~~Roles~~Hosts : a group can have a drive server.
~~Authorizations~~Users : users belong a one or more groups

Roles : a group can have granted roles

Authorizations : related to a manager

Standard attributes

BasicGroup table

OnGroup ~~the~~attributes ~~basic group tab,~~that you can ~~view~~select ~~all~~in the ~~group attributes. It is allowed to add new groups, and update or delete existing groups.~~table:

Name: short name to identify the group. The group name must be unique.
Description: a brief description of the group.
Drive letter: if specified, a shared folder for this user will be created. This shared folder can be mounted on ESSO hosts by using a startup script.
Parent group: name of the parent within the hierarchy. Only the root group doesn't have value. Be in mind the groups have a tree structure.
Type: a group can be categorized by organizational unit types. You have more information about Group Type page.
Drive server name: the server where the shared folders can be located.
Disabled: allows you to enable and to disable the group. When a group is disabled, the group's role hierarchy is no longer available to the group's users.
Active since

Active until

Created on

Created by

Update on

Updated by

Basic tab

On the basic group tab, you can view all the group attributes. It is allowed to add new groups, and update or delete existing groups.

The group attributes are the same than in the group table description.

💻 Image

Users tab

Administrator users can manage the users who belong to the group. These users will have assigned all the permissions granted to that group and permissions inherited from its parent.

On the user's tab, you can add new users to the ~~group by clicking the button with the add symbol (+),~~group, you must select the user to add, and select the membership properties.

It is also allowed to delete one or more users from a specific group, you can do it from the group membership details or by selecting one or more records from the list and clicking the ~~button~~delete ~~with~~user ~~the~~ ~~subtraction symbol (-).~~button.

Additionally, you can download a CSV file with the user's information and you can also upload a CSV file to add new users or update existing users.

The attributes are same than in the user page:

User : userName

Full name

Group type

Created on

Created by

Updated on

Updated by

Common attributes

User name

First name

Last name

Middle name

Organiztion

Type

Primary group

Home server

Profile server

Mail service

Mail alias

Mail server

User status

Enabled

Multi session

Comments

Audit information

Created by

Created on

Modified by

Modified last on

💻 Image

Granted roles tab

Administrator users can manage the permissions to a group, this is the way to establish an access policy to a collection of users. The users who belong to a group will inherit all the permissions granted of that group.

On the granted roles tab, you can assign or revoke roles to the group. To assign a new ~~role~~,role, you must click the button ~~with the~~ add ~~symbol (+)~~new, then select the role, in some cases specify the scope, and finally set membership properties. To revoke ~~role~~,role, you can do it from the group membership detail or by selecting one or more records from the list and clicking the ~~button~~delete ~~with~~role ~~the subtraction symbol (-).~~button.

Additionally, you can download a CSV file with the granted roles information and you can also upload a CSV file to assign roles, modify or delete assigning roles.

The attributes:

Role

Domain

System

Information system

Description

💻 Image

Managers tab

On the tab Managers, Soffid displays the Roles with Domain equals to Group and the proper authorization.

Here you can grant the role to one or more users. You can also assign the role to users on the Roles page or on the Users page. Users who have been assigned this role will be displayed in the Managers tab.

Be in mind, to query the information about the roles and users on the managers tab, it will be mandatory to give authorization to query users or groups, you must add the role to the authorization (user:query or group:query).

The attributes:

Role / managers : role with domain type groups and assigned to this group

Description : description on the role

💻 Image

** Role

** Authorization

Actions

Group query actions

~~groups.~~

~~Query~~"Query"	Allows you to query groups through different search systems, Quick, Basic and Advanced.
Add ~~or remove columns~~	~~Allows you to show and hide columns in the table.~~
~~Historical view~~	~~Allows you to check all the group's historical data. If you click this option, Soffid will display a new modal window to manage the historical view.~~
~~Add~~ new	Allows you to add a new group in the ~~system.~~system ~~You~~as a root element. It can ~~choose~~be ~~that~~more ~~option~~than onone ~~the~~root ~~hamburger menu or clicking the add button (+).~~element. To add a new group it will be mandatory to fill in the required fields
~~Add~~Download ~~child~~CSV ~~group~~file	Allows you to ~~add~~download a ~~child~~csv tofile ~~a specific group. You can choose that option below~~with the ~~father~~basic ~~group.~~ information Toof ~~add~~all agroups. ~~child it is necessary to fill in the required fields~~
Import	Allows you to upload a CSV file with the group list to add or update groups to Soffid. First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button.
~~Download CSV file~~View	Allows you to ~~download~~show and hide columns in the table. You can also set the order in which the columns will be displayed.

Historical view	This is part of the addong backup. Allows you to check all the group's historical data. Soffid will display a ~~csv~~new ~~file~~modal ~~with~~window to manage the ~~basic~~historical ~~information~~view. of ~~all~~
Add child group	Allows you to add a child to a specific group. You can choose that option below the father group. To add a child it is necessary to fill in the required fields

Historical view (addon backup)

Switch to current view

Allows you to come back to the current data view.

Apply changes

Once you have pickup the proper date at the date component, you can apply changes and Soffid will display all the group data at the selected date time.

Then you can browse the Groups tree and check the information

Undo

Allows you to quit without applying any changes.

Group detail actions

Synchronize to a target systems	Allows you to propagate the group changes to the repository systems configured. It is only necessary when the task engine mode is configured as Manual, but you can also do it when the engine is in automatic mode. Visit the smart engine setting page for more information.
Refresh	Allows you to refresh all the group information.
Apply changes	Allows you to save the data of a new group or to update the data of a specific group. To save the data it will be mandatory to fill in the required fields
Delete group	Allows you to remove a specific group. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.
Undo	Allows you to quit without applying any changes.

Users

Add or remove columns	Allows you to show and hide columns in the table.
Add new	Allows you to add new user to a group. Fist of all, you need to select the user. Then you need to set the system properties. And finally you need to apply changes.
~~Remove~~Delete user	Allows you to delete one by one or to delete some users at the same time from a group . To delete some users at the same time, you need to select the users, and then click the button with the subtraction symbol (-). To delete one user, you can click the user, and then Soffid will display a form with the details. Then you can click the delete button (trash icon). Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation.
~~Import~~	~~Allows you to upload a CSV file with the user list to add to the group.~~ First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button.
Download CSV file	Allows you to download a CSV file with all the information about users.

Granted roles

~~Add or remove columns~~
View

Allows you to show and hide columns in the table.

You can also set the order in which the columns will be displayed.

Granted roles

~~Assign~~Add ~~role~~new	Allows you to assign a role to the group. You can choose that option on the hamburger menu or click the add button (+). Then you need to select a role from the role list. If it is necessary, the next step will be to set the scope. Then you need to check and fill in the membership properties. And finally, apply changes.
~~Revoke~~Delete role	Allows you to revoke one by one or to revoke some roles at the same time. To revoke some roles at the same time, you need to select the roles, and then click the button with the subtraction symbol (-). To revoke one role, you can click the role, and then Soffid will show a form with the details. Then you can click the delete button (trash icon). Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation.
~~Import~~	~~Allows you to upload a CSV file with the role list to assign permission.~~ First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and click the Import button.
Download CSV file	Allows you to download a CSV file with all the information about roles assigned to the group.
View	Allows you to show and hide columns in the table. You can also set the order in which the columns will be displayed.

Managers

Grant <ROLE_NAME> role

Allows you to grant the role, <ROLE_NAME>, to one or more users. You need to click on the "Grant <ROLE_NAME> role", under the role you want to grant. Then, Soffid will display a modal window that allows you to search for the users. Here you are able to write the user name and select it to grant the role.

Finally, you need to accept by clicking on the "Accept" button.

If you click on the "Cancel" button, no changes will be applied.