Assign Users
It is crucial to manage access rights efficiently and securely. A fundamental aspect of this management involves assigning users to groups, which in turn dictates their access to various resources. This topic outlines the process for assigning users to groups, focusing on the role of an administrator in managing user access within a security-conscious environment.
Key components
Before delving into the process of assigning users to groups, it is essential to understand the key components:
User: An individual with access to the system, characterized by a unique set of credentials and access requirements.
UserGroup: A collection of users classified under a common label, often associated with specific Role, or access permissions.
Role: A defined collection of permissions, determining what actions Users with that role can perform and what resources they can access.
Admin capabilities in group assignment
An administrator plays a critical role in managing the access rights of users. Their capabilities include:
Adding users to groups: Administrators can assign users to one or more groups. This assignment determines the users' access to APIs and data based on the permissions associated with the groups.
Removing users from groups: Administrators can revoke access by removing users from groups, effectively withdrawing the permissions associated with those groups.
Modifying group assignments: Administrators can change the group assignments of users to update their access rights as needed.
Methods of assigning users to groups
Admins can assign users to groups using the C3 AI Studio user interface (UI) in two primary ways:
Group perspective:
Single and bulk actions: Admins can add or remove one or multiple users to/from a group. This flexibility allows for efficient management, whether dealing with individual user cases or bulk modifications.
User visibility: If a user is added but has not yet logged in, they can still be visible on the Users page, ensuring transparency in user management.
Add user flow:
- Administrators can add one or several users to one or more groups simultaneously during the user creation process. This method streamlines the process of setting up new users with the appropriate access rights from the outset.
Steps to assign users to groups
Here is how to assign users to a group using C3 AI Studio:
- In C3 AI Studio, navigate to the Apps page.
- Select the application where you want to assign users to groups. To assign the
StudioAdmin,StudioUser,ArtifactHubAdmin, andJarvisAdminroles, select thestudioapplication. - Select User Management
- Select +.
- In the User Identifiers field, enter the user IDs or emails for the users you want to assign roles to. If you are assigning groups to multiple users, separate each identifier with a comma.
- In the User Groups field, enter the roles you want to assign.
- Select Add.
Alternatively, you can assign roles in C3 AI Console:
User.make({id: "<user ID>"}).addToGroup("<group id>")Security-Level constraints in group assignment
An important security measure in place is the restriction based on security levels:
Security-level hierarchy: Admins can only assign users to groups with a security level equal to or lower than their own. For example, a user with the role of
C3.UserAdmincannot assign a user to theC3.ClusterAdmingroup if the latter has a higher security level.This hierarchy ensures that group assignment adheres to the principle of least privilege, minimizing the risk of
unauthorized or excessive access rights being granted.
The process of assigning users to groups is a cornerstone in access management within secure platforms. Admins are equipped with the tools to efficiently manage user access rights, adhering to security best practices and ensuring that users have access commensurate with their roles and responsibilities. By understanding and effectively utilizing these capabilities, organizations can maintain robust security protocols while facilitating smooth operational workflows.