About Built-In Groups

Built-in groups are predefined groups. In the cloud, in addition to a tenant administrator group, each environment has a built-in administrator, publisher, and user group.

For example: A tenant, named Cumulus, is created for your organization. Within this tenant there are two environments: Development and Production. The following built-in groups would be available:

  • admin [cumulus.com]
  • admin [Development]
  • publisher [Development]
  • user [Development]
  • admin [Production]
  • publisher [Production]
  • user [Production]

The same user can be a part of multiple groups. You can assign users to a built-in group or create a new group.

Note: If you grant project configuration permissions to a group, the users in that group will have full access to the project configuration- the user will be able to create new versions of the project configuration, as well as edit and delete the project configuration.

The following list defines the permissions granted to each of the built-in groups:

  • Tenant Administrator Group. Provides privileges to all environments, users, groups, and projects in a specific tenant. Permits users to create, edit, and delete users and custom groups in the tenant. Users in this group can add and delete users to and from any built-in or custom group in the tenant. Users in this group can view, edit, and delete permissions for all source projects in the tenant.

    Users in this group can view all the environments in the tenant and have all the permissions of an environment administrator in each of the tenant environments.

  • Environment Administrator Group. Provides privileges to all users, groups, and projects in a specific environment. Permits users to create, edit, and delete users and custom groups in a specific environment. Users in this group can add and delete users to and from any built-in or custom group in the environment.

    Environment Administrators can also create and deploy project configurations for project that any environment publisher publishes, and view orchestration job details for any project configuration in the environment. With environment administrator group privileges you can edit permissions that publishers for the same environment set for their individual project configurations.

    Even though members of the Environment Administrator group have Environment Publisher group and Environment User group privileges, the members of the Environment Administrator Group do not appear in other groups in the same environment until you explicitly add the user.

  • Environment Publisher Group. Provides project privileges in a specific environment. Permits users to create, deploy, or delete project configurations for any project that they publish in the environment. Users in this group can also start and stop orchestrations and view orchestration job details for project configurations they deployed in the environment. As an environment publisher, you can grant permissions for individual project configurations you create to another user with environment publisher privileges for the same environment.

    The members of the Environment Publisher Group are not displayed in the Environment User Group, until you explicitly add the user.

  • Environment User Group. Permits users to monitor alerts and orchestrations in a specific environment. Users in this group can create and edit projects; however, they cannot publish the project to an environment. You must have Publisher privileges for the specific environment to which you want to publish a project. All users are automatically members of the Environment User group.

    In a multi-environment tenant, users in this group only see the environment tab for environments of which they are a member. For example, a tenant has a Development, a Staging, and a Production environment. The tenant administrator or administrator of the Development environment adds a user to the User [Development] group. When the user logs in to the tenant, the user can only see the Development environment, even though the tenant has two other environments.




Feedback | Notices


Timestamp icon Last updated: Tuesday, 27 September 2016


http://pic.dhe.ibm.com/infocenter/wci/v7r0m0/topic/com.ibm.wci.live.doc/CloudHelp/Permissions/aboutBuiltInGroups.html