Manage Groups

Security Requirements and Controls

LogScale's group management system enables organizations to efficiently control user permissions by creating and managing groups of users with specific access levels and roles across repositories and views. Organizations can create new groups, assign permissions, manage user memberships either directly or through external system synchronization, and modify group roles as needed, with the requirement that users must have the "Manage Users" permission or be root users to perform these administrative tasks.

Assigning permissions to individual users in larger organizations can be a cumbersome task. LogScale allows you to create groups and either manage user memberships directly in LogScale or by synchronizing with an external system.

Either way, you need to create groups in LogScale first.

Then you need your group to have users and permissions assigned to it. Any user who is assigned the Change user access permission can assign permissions to groups for a repository.

Note

You need to be an Organization owner on Cloud, or have the Manage Users to create groups and assign them users and permissions.

Note

If you intend to administer access to repositories and views centrally by an organization owner or root only, be sure not to grant the Change user access permission to anyone. In practice, this means removing the permission from all roles thus not allowing any users to go to a repository or view and add another user or group directly.

Create New Groups

Security Requirements and Controls

  1. Click on the profile menu icon and select Organization Settings then Users and permissionsGroups.

  2. Click +Add... to create a new group.

  3. Enter a group name, such as "Operations", and select the permission levels to apply to the new group. (See all types described at Permission levels.) Then click Next:

    Screenshot of the LogScale 'Create Group' dialog showing the initial configuration interface. The form displays a text field for entering the group name (such as 'Operations') and a selection panel for choosing permission levels to apply to the new group. Permission levels likely include options for organization-level access, repository and view access, and other security categories. At the bottom of the dialog is a 'Next' button that advances to the repository selection screen. This interface is the entry point for defining a new user group and its basic permission framework.

    Figure 58. Create Groups


  4. For the Repository and view level, choose whether the group should apply a role to a selection of repositories and views or to all current and future repositories and views. Select the preferred repositories or views and click Next.

  5. Select a role for the new group, for example, Admin, then click Create group. You now have an empty group with no users assigned but the Admin role is given to all the selected repositories or views:

    Screenshot of the LogScale interface showing a newly created group with no users assigned. The interface displays the group details page with an empty Users list and the assigned Admin role (or whichever role was selected) applied to the previously selected repositories or views. This screen appears immediately after completing the group creation process by clicking 'Create group' and serves as the starting point for adding users to the group or configuring role exceptions for specific repositories.

    Figure 59. New Group Created


    Afterwards, the added users are in the Users list.

  6. If you have a few repositories that need to be treated differently, click Exceptions to apply different permissions to selected repositories.

To get add a group through your own application, use the addGroup() mutation of the GraphQL API.

Note

Only users who have accepted the email invitation and completed the first log-in process can be added to a group.

Add Users to Groups

You can easily assign users to a group from the user interface. Below are the steps to do this:

  1. Click on the profile menu icon and select Organization Settings. Under the Users and permissions heading in the left margin, click Group.

  2. Next, select a group to which you want to add users. In the right panel for the group, click on the Users tab.

  3. On the right will be a button labeled, + Add.... Click it and then a box will appear with a list of users, like the one in the screenshot below:

    Screenshot of the LogScale 'Assign Users to Groups' dialog showing a user selection interface. This popup appears after clicking the '+ Add...' button in the Users tab of a group management page. The interface displays a dropdown or selection field where administrators can choose which existing user to add to the current group, along with a 'Save' button to confirm the assignment. This dialog enables administrators to populate groups with members who will automatically inherit all permissions and access rights assigned to the group, supporting efficient role-based access control management.

    Figure 64. Assign Users to Groups


  4. Select the user you want to add to the group. You may add more than one. Ones that are already added will remain in the group.

    When you're finished, click Save. The users you selected will then be added and shown under the Users tab for the group.

To add a user with your own program or from the command-line, see the addUsersToGroup() page in the GraphQL API documentation.