1. Home
  2. admin
  3. user groups

Roles

These are the roles that are needed:

  • Admin
  • Can create groups
  • Can delete groups
  • Can read groups
  • Can reindex groups
  • Can write groups

User Groups Administration

Users are typically grouped together into user groups. These match very closely to how the majority of organization group together users by department and job roles. For example Account Groups might need to have access to billing and usage information, whereas System Administrators need to have access to administrate Storage, and other IT systems.

iconik Groups can mirror those organization groupings, and/or Directory groupings but it also allows a user to be a member of more than one group at a time. So for instance a user could be in the Group for uploading new Assets as well as for adding metadata. But another user is only allowed to download and add metadata.

iconik user groups

Listing User Groups

  1. Click on ADMIN in the top navigation.
  2. Choose User Groups from the left navigation bar by pressing

Primary Groups

A user's primary group will dictate that the user inherits this primary group's settings. These settings include Required Metadata Fields, Default storage and ACL Template if they happen to be specified in that group's settings. These settings can be overwritten, however, i.e. ACL Template settings can be superseded by ACL Templates set on storages and collection ACLs.

When a user has a group set as their Primary group, an administrator will not be able to remove them from this group until it is removed as their primary group and replaced with another.

Roles on Groups

Each group can have one or more roles associated to it. These allow granular control of what members of the group are allowed to do. For instance, a user that is in groups is only allow to download if one of the groups they are a member off has the role download.

By organizing users into groups, and then matching roles to groups you can insure functionality is only available to those that need it.

SAML options

On the group edit page there are two options relevant only for users logging in and getting groups assigned via SAML.

  • SAML Default User Type assigns which user type new users logging in via SAML will get if members of this group
  • SAML Primary Group Priority tells if this group should be considered a primary group when adding new users via SAML login. 0 means that it will be not considered, and if a user is a member of multiple groups the one with the highest priority will be applied as primary group.

Changing the groups you are a member of

Only System Administrators are allowed to change which group you are a member of. Ask your Administrator for more details.

User Group Administration

Learn more