keycloak-scim/server_admin/topics/roles-groups/proc-managing-groups.adoc

50 lines
1.9 KiB
Text

[id="proc-managing-groups_{context}"]
=== Groups
[role="_abstract"]
Groups in {project_name} manage a common set of attributes and role mappings for each user. Users can be members of any number of groups and inherit the attributes and role mappings assigned to each group.
To manage groups, click *Groups* in the left menu.
.Groups
image:{project_images}/groups.png[]
Groups are hierarchical. A group can have multiple subgroups but a group can have only one parent. Subgroups inherit the attributes and role mappings from their parent. Users inherit the attributes and role mappings from their parent as well.
If you have a parent group and a child group, and a user that belongs only to the child group, the user in the child group inherits the attributes and role mappings of both the parent group and the child group.
The following example includes a top-level *Sales* group and a child *North America* subgroup.
To add a group:
. Click the group.
. Click *New*.
. Select the *Groups* icon in the tree to make a top-level group.
. Enter a group name in the *Create Group* screen.
. Click *Save*. The group management page displays.
+
.Group
image:{project_images}/group.png[]
Attributes and role mappings you define are inherited by the groups and users that are members of the group.
To add a user to a group:
. Click *Users* in the left menu.
. Click the user that you want to perform a role mapping on. If the user is not displayed, click *View all users*.
. Click *Groups*.
+
.User Groups
image:{project_images}/user-groups.png[]
+
. Select a group from the *Available Groups* tree.
. Click *Join*.
To remove a group from a user:
. Select the group from the *Group Membership* tree.
. Click *Leave*.
In this example, the user _jimlincoln_ is in the _North America_ group. You can see _jimlincoln_ displayed under the *Members* tab for the group.
.Group Membership
image:{project_images}/group-membership.png[]