Group Management
This chapter describes the concept of group and group profile configuration.
1. Overview
Groups are sets of users who have identical access authorities. For example, a department or a project team can be defined as a group. The authorities for an entire group can be managed as one entity instead of individually.
A group can become a sub-group of another group (which is then called a superior-group), and a group can have multiple sub-groups. Together, these form a hierarchical group structure.
2. Group Profiles
When registering a new user group, a GROUP profile is generated and group information is stored in each field of the profile. GROUPNAME is a required field. The other fields are automatically set to their default values if no information is given.
The following table describes the parameter fields of a group profile.
Field | Description |
---|---|
GROUPNAME | Specifies the group name. (Required) |
OWNER | Specifies the user ID or group name of the user. If not specified, the owner is set by default to the user ID. |
SUPGROUP | Specifies the group that this group belongs to (superior group). |
SUBGROUP | Specifies the subgroup that belongs to this group. |

Although MODEL, DATA, CREATION, and FLAGS are supported, their functionalities are not yet implemented. To prevent errors, only internal parameters are used for the fields.
3. Group Profile Owners
As with user profile owners, a user or group is specified as owner of a group profile.
The following authorities are assigned to the profile owner.
- The ability to add or remove a user in the group.
- The ability to inquire, modify, and delete the group profile.
4. User and Group CONNECT
User and Group CONNECT defines the group to which a user belongs. This is useful when people who work in the same department or on the same project need to access identical resources. If they require identical access permissions, they can be grouped together and managed as one logical group. Users that are part of a group have access to all authorities available to the group.
4.1. Group-related Attributes
A group, also known as a user group, is a named collection of users in the user management system. If a user attribute is related to a specific group, it is called a group-related attribute. The attributes of a group (called 'group attributes') can be specified. The group attributes are identical to the ATTR in user profiles. (Refer to User Attributes for more information on user attributes.)
Users belonging to a group that has the 'group-special attribute' are identical to users with the special attribute (as they have access to all the group attributes of their group). Furthermore, users who have the group-audit attribute are identical to users with the auditor attribute.
4.2. Group-related Authorities
Users belonging to a superior-group may be granted permission to register, delete, change, or make inquiries related to the profile of the sub-group. They also have permission to connect a user to the sub-group.
The following table describes the user capabilities in the group.
Authority | Description |
---|---|
USE | Allows access to resources that the group is the owner of or is assigned. |
CREATE | Allows the creation of a data set profile. Includes the USE authority. |
CONNECT | Allows the connection of a user to the group. Includes USE and CREATE authorities. |
JOIN | Allows the creation of a new user or group and assigns authorities to the user or the group. |
5. CONNECT Profile
When a user is added to a group, a CONNECT profile is created. The user’s information is stored in each field of the profile. GROUPNAME and USER ID are required fields. The other fields are automatically set to default values.
The following table describes the CONNECT information between users and groups.
Field | Description |
---|---|
USERID | Specifies the user ID. (Required) |
GROUPNAME | Specifies the group name. (Required) |
AUTHORITY | Specifies the user’s group-related authorities. For more information, refer to Group-related Authorities. |
ATTR | Specifies the group attribute information identical to the user profile attributes. For more information, refer to User Information. |
ACCOUNT | When a user logs into the system, one of the several groups the user belongs to is selected. ACCOUNT specifies the number of system logins as a member of a specified group. |
LCONNECT | Specifies the last time the user logged into the system as a member of a specified group. |

Although UACC, CREATION, and FLAGS are supported, their functionalities are not yet implemented. To prevent errors, only internal parameters are used for the fields.
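The profile owner rule from section 3, the authority inclusions from section 4.2, and the SUPGROUP hierarchy from section 2 can be combined into a review of who is able to change a group's membership. The following Python example is added here and is not part of the product or its documentation; only the field and authority names come from the tables above, while the record layout, the sample records, and the function names are assumptions.

```python
# Field and authority names follow the page's tables. The dict layout,
# sample records and function names are assumptions made for this example.
# Inclusions are exactly those the page states; it lists none for JOIN.
INCLUDES = {
    "USE": {"USE"},
    "CREATE": {"CREATE", "USE"},
    "CONNECT": {"CONNECT", "CREATE", "USE"},
    "JOIN": {"JOIN"},
}
GROUPS = [  # constructed sample GROUP profiles
    {"GROUPNAME": "CORP", "OWNER": "ADMIN01", "SUPGROUP": None},
    {"GROUPNAME": "FINANCE", "OWNER": "FINMGR", "SUPGROUP": "CORP"},
    {"GROUPNAME": "PAYROLL", "OWNER": "FINANCE", "SUPGROUP": "FINANCE"},
]
CONNECTS = [  # constructed sample CONNECT profiles
    {"USERID": "FINMGR", "GROUPNAME": "FINANCE", "AUTHORITY": "CONNECT"},
    {"USERID": "CLERK07", "GROUPNAME": "PAYROLL", "AUTHORITY": "USE"},
    {"USERID": "TEMP99", "GROUPNAME": "PAYROLL", "AUTHORITY": "CONNECT"},
    {"USERID": "HR02", "GROUPNAME": "PAYROLL", "AUTHORITY": "JOIN"},
]

def superior_chain(name, groups):
    """Return the superior groups of `name`, nearest first."""
    by_name = {g["GROUPNAME"]: g for g in groups}
    chain, seen = [], {name}
    parent = by_name[name]["SUPGROUP"]
    while parent is not None:
        # A loop or a dangling SUPGROUP means the hierarchy data is broken.
        if parent in seen or parent not in by_name:
            raise ValueError(f"invalid SUPGROUP reference: {parent}")
        chain.append(parent)
        seen.add(parent)
        parent = by_name[parent]["SUPGROUP"]
    return chain

def membership_review(name, groups, connects):
    """List the principals to review for membership changes to `name`."""
    owner = next(g["OWNER"] for g in groups if g["GROUPNAME"] == name)
    def holders(auth):
        return sorted(c["USERID"] for c in connects
                      if c["GROUPNAME"] == name and auth in INCLUDES[c["AUTHORITY"]])
    return {"owner": owner,                        # section 3: profile owner
            "connect_holders": holders("CONNECT"), # section 4.2: may connect users
            "join_holders": holders("JOIN"),       # section 4.2: may create users/groups
            # Members of these groups may have been granted rights over this profile.
            "superior_groups": superior_chain(name, groups)}

if __name__ == "__main__":
    for g in GROUPS:
        print(g["GROUPNAME"], membership_review(g["GROUPNAME"], GROUPS, CONNECTS))
```
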