Managing Organization Groups

Creating a new group

To create a new group, follow these steps:

  1. In the upper-right corner of the GROUPS section, click Create group.

  1. In the Name field, enter a name for the group.
  2. (Optional). In the Description field, enter a short description of the group.

  1. (For owners and admins). Assign a role to the group.
    The assigned role defines the access scopes the group will be granted. You can either select a default or a custom role. To learn how to create a custom role, see Manage Custom Roles.
  2. In the MEMBERS section, select the users to be added to the group.
  3. In the upper-right corner, click Create.

📘

Note:

In case if added user has lower role than the group role, user gets the rights corresponding to the group role. Otherwise, if user has higher role than the group role, user rights do not change.

Changing group configuration

You can change the name, description, and role of any custom group. This option is not available for the Everyone group, which is default and not configurable.

To change the group configuration, follow these steps:

  1. In the GROUPS section, select the group the configuration of which you want to change.

  1. In the GROUP CONFIGURATION section, make the required changes.
  2. In the upper-right corner, click Save.

Managing group members

You can add or remove users to/from a custom group. The Everyone group is the default group that includes everyone in the entire organization and cannot be changed.
To add or remove a user to/from a group, follow these steps:

  1. In the GROUPS section, select the group for which you want to define the members list.
  2. In the MEMBERS section, do the following:
  • Select the checkboxes next to the users that should be included into the group.
  • Clear the checkboxes next to the users that should be removed from the group.

  1. In the upper-right corner, click Save.

Adding a user to a group

How adding to a group affects the rights of group members:

If a group has a user with a role lower than the group role, the user gets the permissions of the group role. If a group has a user with a role upper than the group role, the user's rights do not change.

📘

Note:

Projects have no roles, only access groups. When creating a new project, we must specify which user groups will have access to the project.

When a user is added to a group (or multiple groups), their access to resources in the system is determined by the group role and their personal role. In Bright, roles have a hierarchy, and a user's effective role is determined by the highest role they have been assigned:

  • user should have the sum of permissions granted to the group role (or multiple groups) and the personal role
  • if group role scopes of at least one group, where the user was added, provide access to all projects/groups/users, these permissions should be effective for all projects/groups/users of the organization no matter which other groups this user is added and no matter which their project associations are