Manage Groups

Security Requirements and Controls

LogScale's group management system enables organizations to efficiently control user permissions by creating and managing groups of users with specific access levels and roles across repositories and views. Organizations can create new groups, assign permissions, manage user memberships either directly or through external system synchronization, and modify group roles as needed, with the requirement that users must have the "Manage Users" permission or be root users to perform these administrative tasks.

Assigning permissions to individual users in larger organizations can be a cumbersome task. LogScale allows you to create groups and either manage user memberships directly in LogScale or by synchronizing with an external system.

Either way you need to create groups in LogScale first.

Then you need your group to have users and permissions assigned to it. Any user who is assigned the Change user access permission can assign permissions to groups for a repository.

Note

You need to be a root user or have the Manage Users on self-hosted installations to create groups and assign them users and permissions.

Note

If you intend on administering access to repositories and views centrally by an organization owner or root only be sure not to give out the Change user access permission to anyone. In practice this means removing the permission from all roles thus not allowing any users to go to a repository or view and add another user or group directly.

Create New Groups

  1. Click on the user menu icon in the upper right corner and select Organization Settings then Users and permissionsGroups on the left.

  2. Click +Add... to create a new group.

  3. Enter a group name, such as "Operations", and select the permission levels your new group should belong to (see all types described at Permission Levels), then click Next:

    Screenshot of the LogScale 'Create Group' dialog showing the initial configuration interface. The form displays a text field for entering the group name (such as 'Operations') and a selection panel for choosing permission levels to apply to the new group. Permission levels likely include options for organization-level access, repository and view access, and other security categories. At the bottom of the dialog is a 'Next' button that advances to the repository selection screen.

    Figure 60. Creating Groups


  4. For the Repository and view level, choose whether the group should apply a role to a selection of repositories and views or to all current and future repositories and views: select the preferred repositories or views and click Next

  5. Select a role for the new group e.g. Admin, then click Create group, you now have an empty group with no users assigned but the Admin role is given to all the selected repositories or views:

    Screenshot of the LogScale interface showing a newly created group with no users assigned. The interface displays the group details page with an empty Users list and the assigned Admin role (or whichever role was selected) applied to the previously selected repositories or views. This screen appears immediately after completing the group creation process by clicking 'Create group' and serves as the starting point for adding users to the group or configuring role exceptions for specific repositories.

    Figure 61. New Group Created


    Afterwards the added users will be in the Users list.

  6. If you have a few repositories that need to be treated differently, click Exceptions to apply different permissions to selected repositories.

Note

Only users who have accepted the email invitation and completed the first log-in process can be added to a group.

Change Roles

You can modify the role assigned to a group — that is, its set of permissions — at your convenience.

  1. Go to Users and permissionsGroups and select your group from the list of available groups. You can search if the one you are looking for is not immediately visible in the list, or filter by type.

  2. Click the Permissions tab of the selected group and click Change role.

    Screenshot of the LogScale group permissions management interface showing the Permissions tab with a 'Change role' button. This screen displays the currently assigned role for the selected group and provides the entry point for modifying the group's permission set. The interface appears after selecting a specific group from the Groups list and navigating to its Permissions tab. This is the starting point in the workflow for adjusting a group's access rights, enabling administrators to update permission levels as organizational requirements evolve without having to modify permissions for individual users.

    Figure 65. Changing Permissions to Groups


  3. In the dialog popping up, click Apply role, this will update the default role for the entire group.

    Screenshot of the LogScale role application confirmation dialog showing an 'Apply role' button that finalizes permission changes for a group. This popup appears after selecting a new role and clicking 'Change role' in the Permissions tab. The dialog prompts administrators to confirm that they want to update the default role for the entire group, likely with information about which role is being applied and the security implications of this change.

    Figure 66. Apply Roles to Groups