A group is a set of EIM users to which you can grant the same permissions to interact with your 3DS OUTSCALE resources. A user can belong to several groups at the same time.
Groups are created within your account and enable you to control which resources their users can access and which actions they can perform depending on the permissions you grant them. For more information, see the Groups and Permissions section below.
A group has the following attributes:
- A group name: The common name for the group that you specify when creating it. This group name must be unique for your account.
- A group ID: A unique global identifier that is automatically created for the group.
An Outscale Resource Name (ORN): A unique resource identifier for the group, which indicates where the resource is in the Cloud (service, account, resource type, and so on).
3DS OUTSCALE uses ORNs to identify users, groups, and your resources in EIM policies. For more information, see Resource Identifiers.
You can also specify a path to indicate where the group is within your organization and use it as a filter when listing your groups.
For more information, see Resource Identifiers.
Groups and Permissions
Groups enable you to apply inline or managed policies to several users at the same time. For more information, see About Policies.
When you add users to a group, they are automatically granted the permissions associated with this group. When you remove users from a group, they automatically lose the permissions granted to this group. A user can be in several groups at the same time and, therefore, benefit from the permissions associated with all these groups.
- To apply permissions to all users in your organization at the same time, you can create a default group that contains them all.
- To avoid using root user credentials and to better control users who have unrestricted permissions for your account, we recommend that you create an Administrators group containing all users with administration rights. For more information, see About EIM Users > Root User.
Each user in a group uses their own credentials to authenticate to 3DS OUTSCALE services. Credentials are never shared among users in the same group. For more information, see About EIM Users > Users Credentials and Managing Access Keys for EIM Users.