Skip to main content

RBAC groups
Enterprise

Reading time: 1 minute(s) (352 words)

With user groups, you can assign role bindings to the users of your organization in bulk.

Nobl9
Enterprise

Groups are available for Nobl9 Enterprise Edition customers who have configured the SCIM synchronization with their Identity Provider (IdP), for example, Azure AD or Okta.

Permission aggregation: Nobl9 RBAC uses an additive permission model. Users gain permissions from all their role assignments. Adding a user to a group with a different role does not replace their existing permissions; instead, it adds the new role's permissions to their existing ones. Permissions acquired through group membership cannot be revoked by individual assignments.

Importing RBAC groups

To create a user group in Nobl9, an Organization admin synchronizes the group data from the organization's IdP. After a successful Nobl9 SCIM-IdP synchronization, an Organization admin can view the group in Nobl9.

Organization admins can set role bindings for the imported groups from an IdP on the Nobl9 Web or using the sloctl apply command for the group RoleBindings.

To view the created group on the Nobl9 Web, Organization admins go to Settings > Groups:

Nobl9 Web > Settings > Groups

Click a group to open its details and view the group's identification information, its origin, and associated users and roles:

Group details

To assign a project to your group, open Projects & roles. Click

+ Assign project
and select the required project and role:

Assigning a project to the group

To assign an organization role to the group, click Organization roles and select the required role:

Assigning an organization role to the group

You can view user groups assigned to a specific project under the required project details > the Groups tab:

Groups in project details

All users group

Every organization with the

plan includes a default group, automatically created to simplify managing access for all users. This group contains every user in the organization, making it easy to assign project roles that apply globally.

The All users group is listed under the Settings > Groups tab, along with other groups. It's always on the top of the list and is marked by .

note

For organizations without SCIM integration, this is the only group available in the Groups tab.