Skip to content

Groups#

In RBAC, a group is a collection of users who are sourced from your LDAP directory. Whenever you add a group to an Organization or Team, all members of that group obtain the permissions that are associated with that Organization or Team.

LDAP group configuration#

To use LDAP groups, the authentication must be configured for LDAP access. Included in LDAP configuration:

  • LDAP server connection information

  • A group search filter that defines the groups that are available in your LDAP directory

Add groups to teams in an organization#

You can assign groups to teams that belong to an organization. When you do this, all members of the group obtain the permissions of the team and also inherit the permissions of the parent organization for that team.

Dynamic nature#

The use of groups allows you to quickly change permission sets for multiple users in a dynamic sense, in response to contextual factors, user attributes, and organization-wide changes. Groups are governed by predefined rules or policies that determine access based on real-time data, such as a user’s role, department, or project assignment.

When a user is added to an LDAP group in your directory, that user automatically inherits all of the permissions granted to that group within the system. The inverse is true as well, as the user will lose the granted permissions if they are ever removed from the group. No additional configuration or system updates are needed, as changes in your LDAP directory are automatically reflected. Thus, you do not need to manually manage individual user memberships when team structures change in your directory.

Group listing#

To obtain a list of the groups in a team belonging to organization

  1. Log in to the MKE 4k Dashboard as an administrator.

  2. Navigate to Access Control --> Orgs and Teams --> organization-name --> Team --> your-team.

  3. Click the Groups tab.

For more information, refer to Add groups to teams in an organization.

Removing groups#

When you remove a group from an organization, all of the permissions granted to the users who were members of that group are revoked.

Best practices#

  • Use groups to manage permissions for teams of users, rather than managing individual user permissions one by one.
  • Leverage the dynamic nature of groups by making your LDAP directory the single source of truth for team structure.
  • Ensure your LDAP group search configuration includes all of the groups that you intend to use.