Manage Group Access
The Roles tab lets you view and manage the permissions that are available to the members of a group. Group members inherit permissions based on the roles that are assigned to the group in one or more projects.
You can also use groups to grant group members access to a project by adding the group directly to the project team. For more information, see Manage the Project Team.
View Access Permissions of a Group
The access permissions for a group are displayed on the Roles tab of the group profile. Here, you can view which roles are assigned to the group.
There are two views available on this tab. The default view shows the list of roles that are assigned to the group, listed by Project or organization.
The first section shows roles that are assigned directly to the group.
The second section shows roles that are assigned to the group as a member of a project team.
The last sections show roles that the group inherits from any parent groups including roles that are assigned to the All Users group.
You also have the option to view the list by Role.
The information is divided into the same sections that are shown when viewed by Project.
The following actions are available in both views:
Use the search box to filter the list. You can use a range of filter criteria including user, group, role, and permission. Enter your search criteria in the format
field: value
.For example, if you want to see the projects that members of the group have permission to update, enter
permission: (Update Project)
and apply the filter.Click the Details button to show or hide the sidebar. The sidebar displays the set of permissions that are assigned to the role. The permissions are grouped by service.
To view the access rights for a group:
Open the Roles tab of the group profile.
Use the search box to filter the list by a role, project, or even a particular permission to find out if the group has the required access to a resource or operation.
Grant a Role to a Group
You can grant a role to a group directly. Members of the group are granted all access permissions that are assigned to this role.
To assign an individual role to a group:
In the Access Management section of the Administration menu, select .
Select a group from the list.
Select the Roles tab.
Click the Grant role button.
In the Grant Role dialog, choose the role that you want to assign to the group.
Select one or more projects and organizations where you want to apply the role. If you want to apply the role to all projects in Hub, select the Global project.
Click the Grant button.
The selected role is granted to the user group.
All of the permissions that are assigned to the role are granted to the users who are members of the group.
Revoke a Role from a Group
If a group of users no longer requires access that is granted by a role, you can revoke the role assignment. This procedure only applies to roles that are assigned directly to a group. If a role is granted to a group as a subgroup of another group, you have two options:
Revoke the role from the parent group.
Remove the subgroup from the parent group by nesting it under the All Users group.
To revoke a role from a group:
In the Access Management section of the Administration menu, select Groups.
Use the search box to find the desired group.
Select a group from the list.
Select the Roles tab.
Locate the role assignment that you want to remove from the selected group. Use the search box to locate a role by name, project, organization, or permission.
Under the role assignment, select the project in which the role is granted.
Click the Revoke role button.
Confirm the action in the confirmation dialog.
The role is revoked from the group in the selected project.
Members of the group lose the permissions that are assigned to the role in the project.
For roles that are assigned to the group as a member of a project team, you can revoke access by removing from the group or project team. Select the role in the list and click the Remove from team button.