User Groups
User groups provide a way to define a hierarchy between users, enabling hierarchy based access control.
Make sure to get familiar with access evaluation.
Each non-system user must belong to a user group. If you upgraded from an older version, all existing users are assigned to the default user group.
When a new user signs up, the user is assigned to the user group defined by the auth client.
When creating users through the admin webapp, automation, or via the API; you need to specify the user group manually.
Configuring User Groups
User groups are configured and managed in the Corteza Admin webapp.
In the Admin webapp, navigate to the System User Groups to see the list of currently defined user groups. Click on the New User Group button in the top left corner to open up the editor.
Fill in the required fields and select the user groups this one reports to. Click on the Submit button to create the user group.
Each user group may report to multiple user groups. Each user group may report to the same user group following paths with different names.
You can specify the path name in the isDescendantOf function
After the user group is created, two new sections appear at the bottom of the page. You can assign users to the user group in the "User Group Members" section.
The user group of a particular user can also be changed from the user edit screen. Locate the "User group" drop down select to change the user group.
Don’t forget to save your changes by clicking on the Submit button.
You can assign roles to the user group in the "Role membership" section.
Additions
Auth Client Additions
Auth clients now specify the default user group newly created users are assigned to. The default user group (provisioned by Corteza) is assigned to all existing auth clients.
Contextual Role Expression
Contextual roles now provide a set of expressions you can use to evaluate hierarchy.
isDescendantOfisDescendantOfCisDescendantOfRisDescendantOfUisDescendantOfD
We suggest you create a new contextual role which enables users access resources in lower user groups.
Last updated