User Groups
User Group
or simply Group
contains a set of users. Group
simplifies access management as you can grant
roles to a Group
instead of granting to the individual users one by one.
Constraints
- Bytebase does not support nested group. A group can only contain users, it can't contain another group.
- You can only add normal user account to the group and can not add service account. Service account within a group is an anti-pattern.
Add group
Within Workspace, go to IAM & Admin > Users & Groups, and Add Group from top-right.
Create an Email for this group, it'll serve as an account and cannot be changed after creation. Fill the group's name into the Title bar. You can Add member below, where they can be Group member
as well as Group owner
.
Here we've created a Contractor Group
, you can view or edit it under Groups page.
You can see which group a user belongs to under Users page as well.
Grant roles to group
Now that we've created this Contractor Group
, we can assign corresponding permissions to these groups within any project.
Select Project from top left. Enter Basic Project
.
Go to Manage > Members where you can see the project's members and roles. Our Contractor Group
is not among them before we Grant Access to the group from top right.
Choose Groups and Select our group in Grant Access detail page. Assign role and Confirm.
Now you can see the Contractor Group
under View by members page as well as View by roles page within Members section of Basic Project
.
All members within this group now share permission to the project.
Service account
You can only add normal user account to the group and can not add service account.
Service accounts are designed for application use, with each application typically having unique access needs. Since applications rarely perform identical functions, their required resource access tends to differ, making shared or identical permissions uncommon.