Groups
In Data Access, a group is a collection of identities. A group can also include other groups. The identities and nested groups within a group are collectively called members.
You can use groups as beneficiaries in access controls to define who gets access to data. Groups help you efficiently manage or assign access to multiple identities at once.
Groups are imported from your data sources during synchronization. You cannot edit or delete groups in Data Access. Groups in Data Access also include Collibra user groups.
Groups as access controls
A group is a specialized type of access control. While standard access controls such as roles, column masks, and row filters map specific users (the Who component) to specific data objects (the What component), a group has only a Who component, which consists of identities or other nested groups.
How to use groups
You can use groups in the following ways for access management:
- As beneficiaries: You can add groups as beneficiaries in access controls. For example, if you add a group as a beneficiary in a role, all identities within that group inherit the permissions that are defined in the role.
- In dynamic rules: Groups can have tags that are imported from your data sources, and these tags are automatically inherited by the identities within the group. You can use these tags to define dynamic rules for access controls. For example, you can create a dynamic rule that grants Read access on a data object to any identity that inherits the tag
Department:Salesfrom its group.
View a group
To view a group, on the Data Access landing page, in the left pane, click RESOURCES > Groups, and then click the group. A group page contains the following information.
| Section | Description |
|---|---|
| Summary tab | |
| Parent groups |
Other groups that this group is a member of. |
| Members |
Identities and other groups that are members of this group. |
| Access tab | |
| Data objects | Data objects that this group can access. |
| Roles | Roles that allow this group to access data. |
| Access on request | Access controls that allow this group to temporarily access data upon request. |
| Column masks | Column masks that allow this group to see unmasked data. |
| Row filters | Row filters that allow this group to see filtered rows. |
| Audit tab | Audit trail of this group. |