Managing groups in federated repositories

After you enable administrative security with federated repositories for the realm, you can create and manage groups of federated repository users. A group is a collection of user members that can be used to satisfy specific business needs, such as granting access to a resource.

Important: Before you can create and manage groups of federated repository users, you must enable administrative security with federated repositories and specify the primary administrative user name. The user must have an Administrator role. For information about enabling administrative security with federated repositories and creating users, see Managing users in federated repositories or Authorizing access to administrative roles.

You can manage federated repository groups with the administrative console or wsadmin commands. The following information describes console steps. For information about commands, see User and group management commands.

Creating a group

You can create one or more federated repository groups. The group names and descriptions are added to the user registry.

Important: If the federated repositories configuration changed since the application server or deployment manager was started, you must restart the application server or deployment manager to ensure that changes to users and groups are saved to the current configuration.
  1. In the administrative console, click Users and Groups > Manage Groups > Create.
  2. On the Create a group page, specify a name to identify the group in the Group name field and click Create.

    Optionally, you can specify a brief description for the group in the Description field. The description must be an alphanumeric string with characters that are part of the local code set.

  3. If successful, a message displays indicating that the group was created. To create another group, click Create Like. To return to the Manage Groups page, click Close.

To later change group names or descriptions, see Changing groups.

Adding users to a group

You can add users to a group.

  1. Click Users and Groups > Manage Groups > group_name.
  2. On the Group Properties page, click the Members tab and then Add Users.
  3. On the Add Users to a Group page, click Search and select the users to add. Press Ctrl to select multiple users.
  4. Click Add.
  5. After you finish adding users, click Close.

The users are shown on the Members tab of Group Properties page.

You can also add a user to groups when you create a user or later on the Groups tab of the User Properties page. To access the page, click Users and Groups > Manage User > user_name.

Viewing group information

You can view information about a specific group.

  1. Click Users and Groups > Manage Groups > group_name.
  2. On the Group Properties page, click the General, Members, and Groups tabs to see information about the group, such as user members and the groups in which the group you are viewing is a member.

On the Group Properties page, you can also edit the group information. For more information, see Changing groups.

Searching for groups

You can search for existing groups that match the search criteria that you specify.

  1. Click Users and Groups > Manage Groups.
  2. In the Search by field, select the attribute to use for the group search. For example, select Group name.
  3. In the Search for field, specify the string to search for or use the wildcard character (*) to search for all groups. Whether the search is case sensitive or case insensitive depends on the user registry that you are using.
  4. In the Maximum results field, specify the maximum number of search results that you want to display.
  5. Click Search. After the search completes, a table is displayed that lists the group names that match your search criteria. Descriptions, if any, are also provided.

You can create a filtered list of groups by specifying the type of filter and the text to be used as part of the search criteria.

  1. Click the Filter icon. Click to show the list filters for the list. filter icon.
  2. To filter on an attribute, click the [No Filter] link or, if a filter exists, click the filter name link. Then, specify the filter type and text, and click Apply.
  3. After you finish working with filters, click Close.

You can change the display of the search results. For example, you can change the number of groups to be viewed on a page. You can also duplicate group membership for selected groups.

  1. Click the Options icon. Click to show the display options for the list. options icon.
  2. To view more or fewer entries on a page, change the number in the Entries per page field, and click Apply.
  3. To assign the same membership as another group, select one or more groups, select the Duplicate Group Assignments action, and click Apply.

Changing groups

You can change group information such as membership on the Group Properties page. To access the page, click Users and Groups > Manage Groups > group_name.

On the Group Properties page, click the General, Members, and Groups tabs, change the information, and click OK to save and return to the previous page, or click Apply to save but remain on the same page. Table 1 describes actions that you can complete on the tabs to change group information.
Table 1. Actions from the Group Properties tabs
Tab name Available actions from the tab
General Change the group name or description.
Members Change the list of members of the group.
  • Use Add Users to add users as members to the group.
  • Use Add Groups to add other groups as members to the group. To add a group, you must have more than one group and the other group must not be a member already.
  • Use Remove to remove selected users or groups from the group.
Groups Change the groups in which the group is a member.
  • Use Add to add the group to one or more other groups. The group becomes a member of the other groups. To add the group to another group, you must have more than one group and the group must not be a member already of the other group.
  • Use Remove to remove the group from the selected groups.

Deleting groups

You can delete groups and remove the group names from the user registry.

Important: If the federated repositories configuration changed since the application server or deployment manager was started, you must restart the application server or deployment manager to ensure that changes to users and groups are saved to the current configuration.
  1. Click Users and Groups > Manage Groups.
  2. On the Manage Groups page, select one or more groups to delete. If needed, search or filter the list of group names to find the groups to delete.
  3. Click Delete and, when prompted, click Delete again to confirm deletion

The groups are deleted and removed from the user registry. The table that lists the groups no longer displays the names of the deleted groups.