Groups

A group is a collection of users. Some authentication realms support group hierarchies.

A group has the following attributes:

  • Name Required. A string identifier that is unique among all groups. I18n characters are allowed.
  • Description Optional. A string that describes the group.
  • Members A list of users that belong to that group. A user may belong to zero or more groups and a group may have zero or more members.

Group Hierarchy

Groups can exist within a hierarchy. The existence and nature of a group hierarchy depends on the type of the authentication realm. This section describes the group hierarchy available in each type of authentication realm.

  • Database

    The Database authentication realm supports a group hierarchy. In the Database realm, groups do not have a common root element; Administrator allows multiple groups at the root level.

    A group can contain zero or more subgroups. A group is either at the root level, or it has one and only one parent group. The parent-subgroup relationship always implies membership inclusion from subgroups to parent groups. For example, if the Company Staff group contains the City Staff group, the members of the City Staff group are also members of the Company Staff group.

  • LDAP

    The LDAP authentication realm supports a group hierarchy as it exists in your LDAP server. A change in the structure in LDAP is reflected in Administrator, but only after a cache-expiry interval.