User Groups

User groups provide a way to define a hierarchy between users, enabling hierarchy based access control.

Make sure to get familiar with access evaluation.

Each non-system user must belong to a user group. If you upgraded from an older version, all existing users are assigned to the default user group.

When a new user signs up, the user is assigned to the user group defined by the auth client.

When creating users through the admin webapp, automation, or via the API; you need to specify the user group manually.

Configuring User Groups

User groups are configured and managed in the Corteza Admin webapp.

In the Admin webapp, navigate to the System  User Groups to see the list of currently defined user groups. Click on the New User Group button in the top left corner to open up the editor.

Annotated image

Fill in the required fields and select the parent user group. Click on the Submit button to create the user group.

Annotated image

After the user group is created, two new sections appear at the bottom of the page. You can assign users to the user group in the "User Group Members" section.

The user group of a particular user can also be changed from the user edit screen. Locate the "User group" drop down select to change the user group.

Don’t forget to save your changes by clicking on the Submit button.

Annotated image
Annotated image

You can assign roles to the user group in the "Role membership" section.

Annotated image

Additions

Auth Client Additions

Auth clients now specify the default user group newly created users are assigned to. The default user group (provisioned by Corteza) is assigned to all existing auth clients.

Annotated image

Contextual Role Expression

Contextual role expressions can now use the isDescendantOf to provide hierarchy-based access control.

We suggest you create a new contextual role which enables users access resources in lower user groups.