Groups
Groups can be created, managed and deleted via the IdM Role and Group Management.
To create groups, you need to have a role with the required permission, such as "Management of Network Elements". In the Group Management this role will be displayed as "Possessing Role".
There are three different types of roles which need to be distinguished:
Possessing Role:
- The owner of the role can create, edit and delete roles in the IdM Role and Group Management for groups of their choice, as well as add or remove people from groups.
- The role can be assigned by the person with the role "Administration Roles" ("Verwaltung Rollen") for their respective organization.
Important:
- Each of these possessing roles has one (or multiple) group branches, whose entire group structure can only be seen by the owners of the possessing role.
- Group branches can be routed to different destination systems by the possessing role, e.g. via CSV exports or via the RWTH Single Sign-On Account.
The possessing role is meant to authorize the complete use of the respective service. It is therefore sufficient for small organizations to assign this role. Large organizations can use groups to split permissions within the respective services and delegate them to different people.
Group Member Management:
- The owner of this role can add people to the group within which they have been given the role "Group Member Management" and can give the role to additional people.
- The role is assigned by a person with the respective possessing role, such as "Management of Network Elements".
- Owners of this role can only see roles and groups which are related to the group administrated by them.
Group Member:
- The owner of this role has access to the services or parts of services that are assigned to their respective group. Permissions are assigned to groups separately for each service. For example, a person has permission to make changes and configure networks and domains assigned to their group using the applications provided for this purpose, such as DHCP / DMS / Firewall Admin and the Firewall Form.
- The role can be assigned by a person with the respective possessing role, such as "Management of Network Elements", or the role "Group Member Management".
Click on Manage Groups to see an overview of all organisations you are in.
Choose the organisation and click next to get to the group overview in this organisation.
(1) Use the Owning role field to select the role in which context a group should be created.
- Only the roles that you own can be selected
(2) To create a group, enter a group name into the corresponding field.
(3) Click "+" to add the group to the organisation.
(4) To delete a group from the organisation, click on the bin symbol at the end of the corresponding line.
(5) The search function allows you to search for groups, people or coupons in the context of your organisation.
To manage group members, click on the name of the group to get to the details of the group.
This view shows you the added group members (1).
You can create a new group within the selected group by clicking on the plus symbol (2).
To add a group member with a specific role, a coupon must be generated.
- Choose a required role: Mitglied Gruppen or Verwaltung Gruppenmitglieder
- Enter a given name and a surname as well as an e-mail address
- Click on Create coupon
- The coupon is sent to the e-mail address that you have entered. The person is added to the group no later than 40 minutes after the coupon has been redeemed.
- You can also import members via a CSV import. The data that is to be uploaded should contain the following information: "givenname:surname:email".
Example formatting of a csv file (separator “;”)
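A pre-upload check for the import file described above, as an added example that is not part of the original documentation or of the IdM tooling. It assumes the ";" separator from the example caption and the three fields givenname, surname and email, and it flags lines that use ":" instead; the function name, the loose e-mail pattern and the sample rows are constructed for illustration.

```python
import re

FIELDS = ("givenname", "surname", "email")
# Deliberately loose syntax check (assumption): one "@", no whitespace, a dot in the domain.
EMAIL_RE = re.compile(r"^[^@\s;:]+@[^@\s;:]+\.[^@\s;:]+$")

def validate_import(text, sep=";"):
    """Return (rows, errors); sep=";" is assumed from the page's example caption."""
    rows, errors, seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(sep)]
        if len(parts) != len(FIELDS):
            hint = ""
            # The field list on the page is written with ":"; catch files built that way.
            if sep not in line and line.count(":") == len(FIELDS) - 1:
                hint = ' (line looks ":"-separated)'
            errors.append(f"line {lineno}: expected {len(FIELDS)} fields, got {len(parts)}{hint}")
            continue
        record = dict(zip(FIELDS, parts))
        empty = [k for k, v in record.items() if not v]
        if empty:
            errors.append(f"line {lineno}: empty field(s): {', '.join(empty)}")
            continue
        if not EMAIL_RE.match(record["email"]):
            errors.append(f"line {lineno}: malformed e-mail {record['email']!r}")
            continue
        key = record["email"].lower()  # the same mailbox must not receive two coupons
        if key in seen:
            errors.append(f"line {lineno}: duplicate of line {seen[key]} ({key})")
            continue
        seen[key] = lineno
        rows.append(record)
    return rows, errors

# Constructed sample input, not data from the page.
SAMPLE = """\
Ada;Lovelace;ada.lovelace@example.org
Alan:Turing:alan.turing@example.org
Grace;Hopper;grace.hopper@example
Ada;Lovelace;Ada.Lovelace@example.org
Edsger;;edsger@example.org
"""

if __name__ == "__main__":
    ok, problems = validate_import(SAMPLE)
    print(f"{len(ok)} valid row(s)")
    print("\n".join(problems))
```

Because every imported row results in a person joining the group, reviewing the reported lines before upload keeps mistyped or duplicated addresses out of the membership list.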
To delete a group member from the group, use the bin symbol.