Manage Group Access
The Roles tab lets you view and manage the permissions that are available to the members of a group. Group members inherit permissions based on the roles that are assigned to the group in one or more projects.
You can also use groups to grant group members access to a project by adding the group directly to the project team. For more information, see Manage the Project Team.
View Access Permissions of a Group
The access permissions for a group are displayed on the Roles tab of the group profile. Here, you can view which roles are assigned to the group.
- The list displays each role that is assigned to the group and the number of projects in which the group is granted this level of access.
- Beneath each role is a list of projects in which this role is granted.
- The sidebar displays the set of permissions that are assigned to the selected role.
To view the access rights for a group:
- Open the Roles tab of the group profile.
- Use the search box to filter the list by a role, project, or even a particular permission to find out if the group has the required access to a resource or operation.
Grant a Role to a Group
You can grant a role to a group directly. Members of the group are granted all access permissions assigned to this role.
To assign an individual role to a group:
- In the Access Management section of the Administration menu, select .
- In the list of user groups, locate a group that you want to assign a role to and click its name to open the group profile.
- Select the Roles tab.
- Click the Grant role button.
- In the Grant Role sidebar, choose a role that you want to assign to the group.
- Select a project where you want to apply the role. If you want to apply the role to all projects in Hub, select the Global project.
- Click the Grant role button.
The selected role is granted to the user group and all its permissions are granted to the users who are members of the group.
Revoke a Role from a Group
If a group of users no longer requires access that is granted by a role, you can revoke the role assignment. This procedure only applies to roles that are assigned directly to a group. If a role is granted to a group as a subgroup of another group, you have two options:
- Revoke the role from the parent group.
- Remove the subgroup from the parent group by nesting it under the All Users group.
To revoke a role from a group:
- In the Access Management section of the Administration menu, select Groups.
- Use the search box to find the desired group.
- Select a group from the list.
- Select the Roles tab.
- Locate the role assignment that you want to remove from the selected group. Use the search box to locate a role by name, project, or permission.
- Under the role assignment, select the project in which the role is granted.
- Click the Revoke role button.
- Confirm the action in the confirmation dialog.
- The role is revoked from the group in the selected project.
- Members of the group lose the permissions that are assigned to the role in the project.