Group Memberships
Security Requirements and Controls
Manage users permission
Learn how user group memberships work in LogScale, including how users can belong to multiple groups that determine their access permissions and data visibility. Configuration options like LDAP and SAML allow for synchronizing group memberships from external directories. Other options include automatic user creation upon login and settings to control access based on group assignments.
A user may be a member of zero or more groups. Users who are not members of any group can log in but cannot access anything except the personal sandbox and the system repos that provide access to data on their own actions and metrics. A user can also have direct role assignments on a view.
The group memberships usually stem from an external directory, such as your LDAP tree or an Identity Provider (IdP). It is also possible to edit the group memberships through the user interface to support cases where the login mechanism only supplies the identity of the user and not the group memberships.
Table: User Access Based on Group Membership
| Group Membership Status | Access Rights | Access Source |
|---|---|---|
| User is not a member of any groups | | Default access |
| User is a member of one or more groups | | Group memberships typically stem from external directories (LDAP or Identity Provider). Access is cumulative across all groups. |
| User has direct role assignments on a view (in addition to or instead of group membership) | | Assigned by administrator. |
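
The following sketch is an added example, not LogScale code or its API. It models the three cases in the table for an access review: roles accumulate as the union across all of a user's groups, direct role assignments are tracked as a separate source, and users with neither fall back to default access. All group, view, role and user names are constructed sample data.

```python
# Added illustration of the access model described on this page.
# Every name below (groups, views, roles, users) is constructed sample
# data, not a LogScale identifier or API object.
from collections import defaultdict

# group -> {view: {roles}}
GROUP_ROLES = {
    "soc-analysts": {"edr-logs": {"reader"}},
    "ir-team": {"edr-logs": {"reader", "editor"}, "forensics": {"reader"}},
}
# user -> groups, e.g. as synchronized from LDAP or an Identity Provider
MEMBERSHIPS = {"alice": ["soc-analysts", "ir-team"], "bob": [], "carol": ["soc-analysts"]}
# user -> {view: {roles}} assigned directly by an administrator
DIRECT_ROLES = {"carol": {"forensics": {"editor"}}}


def effective_access(user):
    """Return {view: {role: [sources]}}: union over all groups plus direct roles."""
    access = defaultdict(lambda: defaultdict(set))
    for group in MEMBERSHIPS.get(user, []):
        # A group with no role assignments contributes nothing.
        for view, roles in GROUP_ROLES.get(group, {}).items():
            for role in roles:
                access[view][role].add(f"group:{group}")
    for view, roles in DIRECT_ROLES.get(user, {}).items():
        for role in roles:
            access[view][role].add("direct")
    return {v: {r: sorted(s) for r, s in roles.items()} for v, roles in access.items()}


def review(user):
    """Summarize a user for an access review using the table's three cases."""
    access = effective_access(user)
    return {
        # Nothing granted by groups or directly: per the page, the user can
        # still log in and sees only the personal sandbox and system repos.
        "default_only": not access,
        # Grants that exist only through a direct assignment, so they are
        # not explained by any group membership.
        "direct_only_grants": sorted(
            (view, role)
            for view, roles in access.items()
            for role, sources in roles.items()
            if sources == ["direct"]
        ),
        "access": access,
    }


if __name__ == "__main__":
    for name in MEMBERSHIPS:
        print(name, review(name))
```

Listing the source of each role makes it visible which access comes from directory-backed groups and which was assigned by an administrator on a view.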