Group Properties (FIP)
Every internal group or Federated group has a set of extended properties that can be set either when the group is first added to the system, or deferred until a later date. (During initial entry, only a minimal amount of group data is required, to facilitate rapid entry of many groups.)
Most properties for LDAP groups cannot be modified in the Policy Manager; the exception is roles.
To access the properties for a group user:
- Do one of the following:
  - Create a new internal or Federated group, making sure to select the Define Additional Properties check box.
  - Edit an existing internal or Federated group.
  - Locate the group by searching the identity provider.
- Configure each tab within the properties as necessary, wherever possible. All information is optional. Refer to the appropriate section below for a complete description of each tab.
- Click [OK] when done.
Configuring the [General] Tab
The [General] tab is used to enter additional basic information about the group.
- Enabled: This applies to internal groups only. Select this check box to enable the group. Clear this check box to disable the group. When a group is disabled, it cannot be used to authenticate message traffic and its permissions are suspended. A user’s set of permissions is a combination of his or her role assignments, plus any role assignments inherited from the group. When a group is disabled, the inherited assignments no longer apply. If a user has no other role assignments, then that user will no longer be able to connect to the Gateway using the Policy Manager.
- Description: Enter a description of the group.
Configuring the [Membership] Tab
The [Membership] tab is used to add or remove users to or from the group.
- Click [Add]. A list of eligible users not currently assigned to that group appears.
- Select one or more users who should be added to the group. Hold down the [Ctrl] key to select multiple users.
- Click [Add]. The user(s) are added to the group.
- If you need to remove a user from the group, select the user and then click [Remove].
Configuring the [Roles] Tab
The [Roles] tab is used to add or remove groups from roles. Roles may be assigned to internal or LDAP groups.
The table at the top lists the roles currently assigned to the group:
- Name: The name of the role.
- Type: "System" indicates a role that is either predefined or automatically generated (see Predefined Roles and Permissions). "Custom" indicates a user-defined role (see Manage Roles).
- Inherited: "No" means the group is assigned to the role directly; "Yes" means the group is part of another group that is assigned to that role.
The Role properties section at the bottom displays the complete description for the selected role.
To add the group to a role:
- Click [Add]. A list of eligible roles is displayed.
- Select the role(s) to which to add the group. To locate a role more easily, enter some text in the "Filter on name" box. This filters the roles list to display only those roles containing the filter text. Delete the filter text to restore the full list of roles.
- Click [Add] to close the dialog.
To remove the group from a role:
- Select the role(s) to be removed from the group. Hold down the [Ctrl] key to select multiple roles. Note: You can only remove roles that are not inherited.
- Click [Remove]. If a role is both assigned and inherited, the interface will display "No" in the "Inherited" column and you are permitted to remove the role. Once removed, that role remains in the list, but the "Inherited" column changes to "Yes".
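The rules described for the Enabled check box and for the "Inherited" column can be checked with a small model, added here as an example; it is not part of the original documentation and is not the Gateway's code or API. The `Group` class, the function names and the role names are hypothetical, and the model assumes that a disabled parent group passes no roles on to the groups inside it.

```python
# Illustrative model only: hypothetical names, not the Gateway's API.
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    enabled: bool = True
    roles: set = field(default_factory=set)      # roles assigned directly
    parents: list = field(default_factory=list)  # groups this group is part of

def inherited_roles(group, _seen=None):
    """Roles that reach `group` through the groups it is part of."""
    seen = _seen if _seen is not None else {group.name}
    found = set()
    for parent in group.parents:
        if parent.name in seen or not parent.enabled:
            continue  # assumption: a disabled parent passes nothing on
        seen.add(parent.name)
        found |= parent.roles | inherited_roles(parent, seen)
    return found

def roles_tab(group):
    """Rows of the [Roles] table as {role name: "Inherited" column}."""
    rows = {role: "Yes" for role in inherited_roles(group)}
    rows.update({role: "No" for role in group.roles})  # direct assignment shows "No"
    return rows

def remove_role(group, role):
    """[Remove] is only permitted on rows whose "Inherited" column is "No"."""
    if roles_tab(group).get(role) != "No":
        raise ValueError(f"{role!r} is inherited or not assigned; cannot remove")
    group.roles.discard(role)

def effective_roles(user_roles, groups):
    """A user's own roles plus those from each enabled group the user is in."""
    result = set(user_roles)
    for g in groups:
        if g.enabled:
            result |= g.roles | inherited_roles(g)
    return result

def demo():
    # Constructed sample data: WebTeam is part of Operations.
    ops = Group("Operations", roles={"ExampleOperator", "ExamplePublisher"})
    web = Group("WebTeam", roles={"ExamplePublisher"}, parents=[ops])
    before = roles_tab(web)               # ExamplePublisher is assigned and inherited
    remove_role(web, "ExamplePublisher")  # allowed: the column shows "No"
    after = roles_tab(web)                # the role stays listed, now inherited
    web.enabled = False                   # disabling suspends what members inherit
    return before, after, effective_roles(set(), [web])
```

For an access review, the point to take from `demo()` is that removing a direct assignment does not revoke a role the group still inherits; the role must also be removed from the parent group.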