Groups Help Documentation

Owned by Christina
Last updated: Nov 18, 2021
4 min read

Manage membership for existing groups and create new groups. These are custom groups that users can create, manage and apply to individual resources. Once a group has been created, you can navigate to pipelines, tools, tasks, parameters and scripts and assign RBAC Access Rules and identify if group has Administrator, Manager, User or Guest access to that particular resource. All group members will have access if a group is assigned a role. Group Management is limited to Site Administrators or Power Users only. Click on a group to manage membership OR create a new group, then add or remove members to it by following the instructions below.

 

Note: You must be logged in as a Site Administrator or Power User to manage Groups. After a user is created you can follow these steps to add or remove them from a Group. For more information on user creation, view Creating a new user in Opsera help documentation.

Manage Groups

Note: For Group membership changes go into effect, user must log out then log back into the portal.

Add a User to a Group

  1. Navigate to Settings → Groups → Groups.

2. Click on the group you’d like to add a user to. Click on Manage Members tab and type the name of an existing user in search box. Click on user.

3. Click ‘Add Selected’ button.

4. User will move into “Members” box on right.

5. Click ‘Save’ button.

Remove a User from a Group

6. Select user’s name from the column on the right to highlight it, then click the ‘Remove Selected‘ button. The user‘s name will move into the ‘Not Members’ column on the left.

7. Click ‘Remove Selected' button.

8. Click ‘Save’ button.

Assign Group RBAC Access

Once a Group has been created, you can navigate to pipelines, tools, tasks, parameters and/or scripts and assign RBAC Access Rules and identify if Group has Administrator, Manager, User or Guest access to that particular resource. All Group members will have access to the resource if a Group is assigned. If a non-Site Administrator or non-Owner has RBAC Access to a resource and re-assigns RBAC access to a group they are NOT a member of, they will forfeit their access.

 

Note: If a Group is assigned specific Access Rules to a resource and a group member is already a member of the Site Administrators or Power User Site Role, that privilege will supersede these settings where applicable.

 

  1. Navigate to the resource you wish to apply Access Rules to. In this example, we will apply Access Rules to a pipeline.

  2. Click on pencil icon in Access Rules field.

     

  3. From Edit Access Rules, select ‘Groups’.

     

  4. The ‘Assignee’ drop down will display groups. Select the group you wish to grant pipeline access to.

     

  5. In ‘Access Type’ drop down, select which type of access the group will have.


    Pipeline RBAC Access:

Access Type

Description of Pipeline Access

Administrator

Full Access

Manager

Please note, this role is the same as a Site Level Power User.

·   View Step Configuration

·   Edit Step Details

·   Publish a pipeline to catalog

·   Duplicate a Pipeline

·   Stop, Start, Reset Pipeline

·   Approve Step when pipeline is waiting (this may not apply via Slack, so have to flush out the services end on this still.)

·   Edit Access Roles

·   Edit Step Notification Rules

User

This is the standard user policy so it’s designed to give users just enough access to run, stop, reset pipeline. They will see all pipeline activity logs too.

Guest

This is used to allow a user to see a pipeline in the UI. They would have read-only access and can search logs and view activity. Without this access, the user would not even know the pipeline exists.

6. Click ‘Save’ button. The selected group now has the selected access to the pipeline.