Manage user groups
- How to use a user group in your Temporal Cloud account
- How to assign roles to a user group
- How to manage users in a group
- How SCIM groups work with user groups
How to use a user group in your Temporal Cloud account
User groups help manage sets of users that should have the same access. Instead of assigning roles to individual users, you can create a user group, assign it the desired roles, and then add users to the group. This eases the toil of managing individual user permissions and can simplify access management. When a new role is needed, it can be added to the group, and all users' access will reflect the new role.
- Web UI: TODO
- tcld: See the tcld user-group create command reference for details.
How to assign roles to a user group
Each user group in Temporal Cloud can be assigned roles. The roles are the same as those used for users.
Users can be assigned to many groups. If a user's group memberships grant multiple roles for the same resource, the user's effective role is the most permissive of them. For example, if Group A grants a read-only role to a namespace but Group B grants a write role to that namespace, then a user who belongs to both Group A and Group B has the write role to the namespace.
- Web UI: TODO
- tcld: See the tcld user-group set-access command reference for details.
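The most-permissive rule described above can be checked during an access review. The following is an added example, not Temporal's code or tcld output: it computes each user's effective role per namespace and lists group grants that a more permissive group outranks. The role ordering table, group contents, user names, and namespace names are constructed assumptions.

```python
from collections import defaultdict

# Assumed ordering, least to most permissive. The page names only the
# read-only and write namespace roles; extend this table for your account.
ROLE_RANK = {"read-only": 0, "write": 1}

# Constructed sample data (not real Temporal Cloud output).
GROUP_ROLES = {
    "Group A": {"orders-prod": "read-only", "billing-prod": "read-only"},
    "Group B": {"orders-prod": "write"},
}
GROUP_MEMBERS = {
    "Group A": {"alice@example.com", "bob@example.com"},
    "Group B": {"alice@example.com"},
}


def effective_access(group_roles, group_members):
    """Return {user: {resource: (role, [groups granting that role])}}."""
    result = defaultdict(dict)
    for group in sorted(group_roles):
        for user in group_members.get(group, ()):
            for resource, role in group_roles[group].items():
                if role not in ROLE_RANK:
                    raise ValueError(f"unranked role {role!r} in {group}")
                current = result[user].get(resource)
                if current is None or ROLE_RANK[role] > ROLE_RANK[current[0]]:
                    result[user][resource] = (role, [group])
                elif ROLE_RANK[role] == ROLE_RANK[current[0]]:
                    current[1].append(group)
    return {user: dict(res) for user, res in result.items()}


def overridden_grants(group_roles, group_members):
    """List (user, resource, group, role) grants outranked by another group."""
    access = effective_access(group_roles, group_members)
    findings = []
    for group in sorted(group_roles):
        for user in sorted(group_members.get(group, ())):
            for resource, role in sorted(group_roles[group].items()):
                if ROLE_RANK[role] < ROLE_RANK[access[user][resource][0]]:
                    findings.append((user, resource, group, role))
    return findings


if __name__ == "__main__":
    for finding in overridden_grants(GROUP_ROLES, GROUP_MEMBERS):
        print(finding)
```

Each finding marks a user whose membership in a restrictive group does not limit them, because another group raises their effective role on the same namespace.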
How to manage users in a group
Users can be added to or removed from a group in the following ways.
- Web UI: TODO
- tcld: See the tcld user-group add-users and the tcld user-group remove-users command reference for details.
How SCIM groups work with user groups
SCIM groups work similarly to user groups with respect to role assignment. The lifecycle of a SCIM group is managed by the SCIM integration, which means:
- SCIM groups cannot be created except through the SCIM integration
- SCIM groups cannot be deleted except through the SCIM integration
- SCIM group membership is managed through the SCIM integration