icon-dspm.svg
Posture Control (DSPM)

About Groups

A group is a logical entity that includes several users. Each group is assigned a single role and all users in the group are assigned the same role. Users can be assigned to multiple groups, so they can perform tasks based on the group's role and permissions. A group is also assigned to a single or multiple business units (scope). Depending on the permissions, group users can access data on cloud accounts within specific business units.

You can add groups for single sign-on (SSO). This allows users in the group to log in to the DSPM Admin Portal directly from an Identity Provider's (IdP) portal. Any new users added to this group can also use SSO to log in to the DSPM Admin Portal.

While adding a group for SSO in the DSPM Admin Portal, make sure to use the same group name that exists on the IdP portal. To learn more, see Adding Identity Providers.

DSPM provides the following default groups:

  • Default Super Admin: A group that has read, add, edit, and delete privileges in the DSPM Admin Portal.
  • Default Read Only: A group that has only read privileges in the DSPM Admin Portal.
  • ZIA Viewers: A group that has view only privileges in the DSPM Admin Portal. The group consists of ZIA users connecting to the DSPM Admin Portal via a link that is available on the ZIA dashboard in the ZIA Admin Portal.
  • ZIA DLP Managers: A group that has read, add, edit, and delete privileges in the DSPM Admin Portal. The group consists of ZIA users connecting to the DSPM Admin Portal via a link that is available on the ZIA dashboard or Policy in the ZIA Admin Portal.

The group entity has the following benefits and enables you to:

  • Create and manage groups.
  • Assign users to single or multiple groups with specific roles.
  • Assign groups to different business units.
  • Control users' RBAC permissions through groups.

About the Groups Page

On the Groups page (Administration > Authentication & Authorization > User Access Management > Groups), you can do the following:

  1. View the list of groups. For each group, you can see:

    • Group Name: The name of the group. Click to view the user name and email ID of the user within the group.

    • Role: The role assigned to the group. Click to view the different modules that this role can access.

    • Users: The number of users in this group.
    • Group Scope: The number of business units that are assigned to the group.
  2. Add a Group.
  3. Search for specific data in the searchable columns.

  4. Edit the group details.

    You cannot edit Default Super Admin and Default Read Only predefined groups.

  5. Delete a group.

    You cannot delete predefined groups.

  6. Modify the table and its columns.
  7. Sort the column data.
  8. Export the data as a CSV file.
  9. Go to the Users page.
  10. Go to the Roles page.

View the Groups tab

Related Articles
About UsersAdding UsersEditing or Deleting UsersAbout GroupsAdding a GroupEditing or Deleting a Group