Applies To:
GroupID 8 - Self-Service & Automate
Business Requirement:
To ensure that our groups always have an owner, we want to set up a policy that requires users to specify a primary owner during group creation and ensures that the owner cannot be removed afterwards.
Solution:
This is an important configuration for keeping your directory clean. Every group must have an owner who is the responsible contact for the group. By applying the Group Owners policy, you ensure that you will not have orphaned groups in the future.
By default, the Group Owners policy is not configured. You can enforce it at the role level in an identity store.
Steps:
- In GroupID Management Console, click the Identity Stores node.
- On the Identity Stores tab, double-click the required identity store to open its properties.
- Click the Security Roles tab.
- Select a role to configure the Group Owners policy for it and click Edit.
- On the Role Properties page, click the Policies tab.
- Click Group Owners in the left pane.
- Select the Primary Owner is required check box.
  This ensures that when a role member creates a group using Automate or the Self-Service portal, he or she must specify a primary owner for it. Moreover, when the role member modifies the group, he or she can change the primary owner, but cannot remove it.
- Click Apply and then OK.
In the presence of this setting, the primary owner is enforced as shown below.
Impact on the Self-Service portal:
When a role member tries to create a group without specifying a primary owner, he or she will get the following message:
Impact on Automate:
When a role member tries to create a group without specifying a primary owner, he or she will get the following message:
Similarly, when a role member tries to clear the primary owner of an existing group through group properties, he or she will get the following message:
Important: For Automate, the Group Owners policy does not apply to groups that were created before the policy was specified. The warning message is displayed but changes are saved. For groups that are created after the policy is enforced, changes are not saved until the group conforms to the policy.
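Because groups that predate the policy can still be saved without an owner in Automate, it is worth auditing the directory for them. The following PowerShell is an added example, not GroupID code: it assumes an Active Directory identity store in which the primary owner is held in the managedBy attribute, and the function name, the policy date and the sample groups are hypothetical, constructed values.

```powershell
# Added example, not part of GroupID. Assumption: the primary owner maps to
# the AD managedBy attribute. Find-OwnerlessGroup is a hypothetical helper.
function Find-OwnerlessGroup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Group,

        # Date on which the Group Owners policy was enabled (you supply this)
        [Parameter(Mandatory)]
        [datetime]$PolicyEnforcedOn
    )
    process {
        # Report only groups whose owner attribute is empty
        if ([string]::IsNullOrWhiteSpace([string]$Group.ManagedBy)) {
            [pscustomobject]@{
                Name           = $Group.Name
                WhenCreated    = $Group.WhenCreated
                # True: created before the policy, so Automate only warns
                # and still saves changes to this group
                PredatesPolicy = $Group.WhenCreated -lt $PolicyEnforcedOn
            }
        }
    }
}

# Constructed sample input so the function can be tried offline
$sample = @(
    [pscustomobject]@{ Name = 'Finance-Readers'; WhenCreated = [datetime]'2019-03-01'
                       ManagedBy = 'CN=Alice Example,OU=Users,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'Legacy-Projects'; WhenCreated = [datetime]'2018-06-15'
                       ManagedBy = $null }
    [pscustomobject]@{ Name = 'Temp-Vendors';    WhenCreated = [datetime]'2022-02-10'
                       ManagedBy = '' }
)

$sample | Find-OwnerlessGroup -PolicyEnforcedOn '2021-01-01' | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Get-ADGroup -Filter * -Properties ManagedBy, WhenCreated |
#     Find-OwnerlessGroup -PolicyEnforcedOn '2021-01-01'
```

Groups reported with PredatesPolicy set to True are the ones the Important note describes; assign them a primary owner manually.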
Related Article:
How To: Ensure/enforce minimum number of additional owners for groups
Reference:
GroupID Online Help topic: Group Ownership Enforcement policy