You can create user groups to simplify the process of managing large groups of
users.
User groups make it easier to manage a large number of users with similar access requirements.
For example, if you know that 20 different users are going to collaborate on a project and they all
need the Data steward role, you can add them to a group that is assigned the
Data steward role. If a member of the group leaves the company, you can
remove the user from the group, rather than looking for all of the assets that the user has access
to.
Before you begin
- Required permissions
- To manage groups, you must have one of the following permissions:
- Administer platform
- Manage groups
About this task
You can create and edit groups from the User groups tab of the
User management page.Important: By default, IBM® Cloud Pak for Data includes the All
users group. As the name suggests, all Cloud Pak for Data users are automatically included in
this group. The group is used to give all platform users access to assets such as the
Platform connections catalog. You cannot edit or delete this
group.
Procedure
To create a user group:
-
Log in to Cloud Pak for Data.
- From the navigation menu, select
.
- Open the User groups tab.
- Click New user group.
- Enter a name and a description for the role.
- Click Next.
- Specify the users to include in the group.
The available options depend on
whether Cloud Pak for Data is configured to use
an LDAP server.
| Environment |
Instructions |
|---|
| LDAP is not configured |
You can select the existing platform users that you want to add to the group If you have
the Manage users permission and you don't see the user that you want to add
to the group, you can create a new user.
|
| LDAP is configured |
If LDAP is configured, you can select one or more of the following types of users:
- Existing platform users
- If you want to add existing platform users to the group, click Existing
users and select the users that you want to add.
- LDAP users
- If you want to add users from the LDAP server, click LDAP
users and search for the users that you want to add.
By default, you can search on all
mapped LDAP attributes. If you want to search on a specific attribute, select it in the
Find by drop-down list.
|
| LDAP is configured with groups |
If LDAP is configured with groups, you can select one or more of the following types of users:
- Existing platform users
- If you want to add existing platform users to the group, click Existing
users and select the users that you want to add.
- LDAP users
- If you want to add users from the LDAP server, click LDAP
users and search for the users that you want to add.
By default, you can search on all
mapped LDAP attributes. If you want to search on a specific attribute, select it in the
Find by drop-down list.
- LDAP groups
- If you want to add all of the users in an LDAP group to the user group, click LDAP
groups and search for the group that you want to add.
If you add users from an LDAP
group, the users aren't immediately added to the Cloud Pak for Data user group. Every 20 minutes, Cloud Pak for Data runs a job to sync with the LDAP server. When
this job runs, the users in the LDAP group are added to the user group. If any of the users in the
LDAP group don't have a Cloud Pak for Data profile, the
job creates a profile for these users.
|
- Click Next.
- Select the one or more roles that you want to assign to this group.
If you
have the Configure authentication permission and you don't see a role that
meets your needs, you can create a new role.
- Click Next.
- Review the summary. If the values are correct, click Create.
Results
You can now use the group to give users access to various assets on the platform.