6. Group management#
This page describes group management in Nubus. It addresses functional administrators who manage groups and their members. You find the following sections on this page:
Nubus stores groups in the LDAP directory service. Typically, groups contain user accounts. However, they also optionally consist of other objects types, for example computer objects. Groups are the basis to differentiate permissions in Nubus.
For a reference about the Groups management module, see Groups module.
6.1. Assign users to groups#
You can assign user accounts to groups in the following ways:
A selection of groups to a user account in the User management module, see Groups in Groups tab - Users management.
A selection of user accounts to a group in the group management module, see Users in General tab - Group management.
6.2. Recommendation for group name definition#
One important and required attribute for groups is the group name. This section describes a recommendation for the group name definition. Consider the recommendation as a guideline and not a rule. Keep potential side effects in mind when defining group names outside the recommendation.
To avoid conflicts with the different tools handling groups in Nubus, adhere to the following recommendations for the definition of group names:
Only use the following characters from the ASCII character set for group names:
Upper and lower case letters (
A-Za-z)Digits (
0-9)Hyphen (
-)Space
The group name starts with a letter from the ASCII character set.
The space isn’t allowed as first or last character.
The hyphen isn’t allowed as last character.
In Nubus the group name has at least a length of 4 characters and at most 20 characters.
The recommendation results in the regular expression in Listing 6.1.
^[A-Za-z][A-Za-z0-9 -]{2,18}[A-Za-z0-9]$
6.3. Group nesting with groups in groups#
Nubus supports group nesting,
also known as groups in groups.
This simplifies the management of the groups.
For example, if you manage two locations in one domain,
you can create two groups IT staff location A and IT staff location B,
You can assign user accounts of the respective location’s IT staff
to either group.
To create a cross-location group,
it’s sufficient to define the groups IT staff location A and IT staff location B as members.
Nubus automatically detects cyclic dependencies of nested groups and refuses them.
Nubus resolves nested group memberships during creating the group cache. Nested groups are therefore transparent for applications. For more information, see Local group cache.