Groups

Groups allow you to create classes of users. Groups make access control administration significantly simpler because you can grant and revoke permissions to large numbers of users with a single operation on the group.

Each user can belong to as many groups as necessary. A user’s permissions are the union of the permissions of the groups the user belongs to, in addition to any permissions granted to the user directly.

You can create, remove, or add users to groups by specifying the groups in groups.conf, using the tibemsadmin tool, or by using the administration APIs. For more information about specifying groups in the configuration file, see groups.conf. For more information about specifying groups using the tibemsadmin tool, see EMS Administration Tool. For more information on the administration APIs, see the online documentation.

EMS can also obtain group information from an external directory (such as an LDAP server), or an OAuth 2.0 access token presented by the connecting client. Such externally-configured groups must be defined and managed directly using the external directory, or the OAuth 2.0 provider.

Note: EMS can retrieve both static and dynamic groups from an external directory.

Did you find this helpful?

Yes No