Groups
Groups allow you to organize users into logical collections for easier permission management. Instead of assigning permission sets to individual users, you can assign them to a group, and all members of that group automatically receive the access.
Groups List
The Groups page displays a paginated table of all groups in your organization.
Available Actions
From the Groups section, you can perform the following operations:
| Action | Description | Link |
|---|---|---|
| Create Group | Create a new group | Create Group |
| Delete Group | Remove a group | Delete Group |
| Manage Members | Add or remove users from a group | Manage Members |
Why Use Groups?
Groups simplify access management in several ways:
- Scale -- Assign a permission set once to a group instead of to each user individually.
- Consistency -- All group members get the same access, reducing the risk of configuration drift.
- Onboarding -- New team members only need to be added to the right groups to get all necessary access.
- Offboarding -- Removing a user from a group immediately revokes the group's access.
Design your groups around teams or job functions. For example, create groups like "Engineering", "Finance-ReadOnly", or "DevOps-Admin" that map to your organization's access patterns.
Create Group
Create a new group to organize users and simplify permission set assignments. Groups serve as the building block for scalable access management in Prism.
Step-by-Step Guide
- Navigate to Admin Portal > Groups from the sidebar.
- Click the Create Group button at the top of the groups table.
- Fill in the group details:
- Group Name -- Enter a unique, descriptive name for the group.
- Description -- Optionally, enter a description explaining the group's purpose.
- Click Create to create the group.
Field Reference
| Field | Type | Required | Description |
|---|---|---|---|
| Group Name | Text | Yes | A unique name for the group. Used to identify the group across Prism and AWS. |
| Description | Text | No | An optional description of the group's purpose. Helps other admins understand what the group is for. |
Use clear, descriptive group names that indicate the group's purpose or the team it represents. For example: Engineering-ReadOnly, DataScience-PowerUser, or Security-Admin.
What Happens Next
After creating a group:
- The group is created in Prism's database with zero members.
- The group appears in the Groups list.
- You can now add members to the group.
- You can create assignments that target the group.
A group with no members or assignments has no practical effect. After creating a group, add members and create assignments to make it operational.
Delete Group
Remove a group from your Prism organization. Deleting a group removes all member associations and revokes any permission set assignments that were made to the group.
Prerequisites
- The group you want to delete must already exist.
Step-by-Step Guide
- Navigate to Admin Portal > Groups from the sidebar.
- Locate the group you want to delete in the groups table.
- Click the Delete action button on the group's row.
- A confirmation dialog will appear, asking you to confirm the deletion.
- Review the group name displayed in the dialog to ensure you are deleting the correct group.
- Click Confirm to proceed with the deletion, or Cancel to abort.
Deleting a group is irreversible. All users will be removed from the group, and all permission set assignments targeting this group will be revoked. Users who relied solely on this group for AWS access will lose that access.
What Happens Next
After deleting a group:
- The group is removed from Prism's database.
- All users are removed from the group (their individual accounts are not affected).
- All permission set assignments for the group are revoked.
- The group disappears from the Groups list.
Before deleting a group, check its member count and assignments. If users in this group need continued access, either create individual user assignments or move the users to another group first.
Manage Members
Add or remove users from a group. Managing group membership is the primary way to control which users receive the group's permission set assignments.
Prerequisites
- The group must already exist.
- Users you want to add must already exist in the organization.
Adding Users to a Group
Step-by-Step Guide
- Navigate to Admin Portal > Groups from the sidebar.
- Locate the group you want to manage and click on it.
- In the group details view, click Add Members.
- A multi-select list of available users will appear.
- Select one or more users to add to the group.
- Click Add to confirm the selection.
The user list supports multi-select, so you can add several users to the group in a single operation. This is particularly useful when onboarding a new team.
Removing Users from a Group
Step-by-Step Guide
- Navigate to Admin Portal > Groups from the sidebar.
- Locate the group you want to manage and click on it.
- In the current members list, locate the user you want to remove.
- Click the Remove action next to the user's name.
- Confirm the removal when prompted.
Removing a user from a group revokes all group-level assignments for that user. If the user has no other path to access (via another group or direct user assignment), they will lose AWS access for those accounts.
What Happens Next
After modifying group membership:
- The membership changes are saved in Prism's database immediately.
- The member count for the group is updated in the Groups list.
- Added users inherit all group assignments for this group.
- Removed users lose all group assignments for this group (unless they have the same access via another path).
Best Practices
- Audit membership regularly -- Review group membership periodically to ensure only authorized users have access.
- Use groups for team-based access -- Align groups with your team structure for easier management.
- Check assignments before removing -- Before removing a user from a group, verify whether they need continued access through a different group or a direct assignment.