Skip to content

You are viewing documentation for Immuta version 2022.5.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

cancel

Manage Attributes and Groups

Audience: System Administrators

Content Summary: System Administrators are responsible for managing users and their permissions, attributes, and groups. This page contains tutorials on managing groups and attributes in Immuta.

Additional Tutorials Contents:

  • Remove User from Group
  • Remove Group
  • Remove User or Group Attribute

Use Case Context

Use Case

Compliance Requirement: Users can only interact with Dev data.

For this requirement, the System Administrator needs to create groups for Dev, Test, and Prod teams. Then the System Administrator needs to add the corresponding Environment attribute to each group to be used in future policies. This process allows Administrators to add attributes to multiple users at one time.

Note: Administrators could alternatively just use Dev, Test, and Prod groups to manage access to data, but using attributes in Immuta allows more flexibility and granularity.

1 - Create Group

  1. Click the Admin icon in the left sidebar, and then select the Groups tab.

  2. Click the New Group button in the top right of the page.

    Add Group Button

Alternatively,

  1. Click the plus button in the top left of the Immuta console.

  2. Select the New Group icon.

  3. In the dialog, enter Dev. You have the option to enter a description of and email address for the new group.

  4. Click Save.

Repeat these steps for groups Test and Prod.

2 - Add User to Group

  1. Click the Admin icon in the left sidebar, and select the group from the Groups panel.

  2. Scroll to the Members section, and click the Add Members button.

    Add Group Members Button

  3. Begin typing in the Search by Name or Email text box.

  4. Click on the name from the dropdown list to add this user to the group, and then click Close.

Alternatively,

  1. Click the Admin icon in the left sidebar, and select the user from the Users tab.

  2. Scroll to the Groups section, and click the Add User to Groups button.

    Assign User to Groups Button

  3. Begin typing in the Group Name text box, and select the group from the dropdown list that appears.

  4. Click Close.

    Assign User to Groups Link

    Note: If no groups match, the dropdown will be empty.

3 - Add Group or User Attribute

Best Practice: Use External and Internal IAM

Use an external IAM for authentication and Immuta's internal IAM to manage attributes.

  1. Click the Admin icon in the left sidebar, and click the Groups tab at the top of the page.
  2. Select the Dev group.

  3. Click Add Attributes.

    Add Attributes Button

  4. Begin typing Environment in the Enter Attribute text box.

    • If the attribute already exists, select Environment from the dropdown list.

      Add Existing Attribute

    • If the attribute does not exist yet, enter Environment for the attribute, and then select it from the dropdown.

      Add Existing Attribute

  5. In the Attribute Value text box, enter Dev.

    • If the value already exists, select the Dev from the dropdown list.

    • If the value does not exist, enter Dev, and then select it from the dropdown.

      Add Existing Attribute Value

  6. Click Close.

Repeat these steps for Test and Prod groups, using Test and Prod as the attribute value.

Alternatively,

  1. Click the Admin icon in the left sidebar, and click the Users tab at the top of the page.

  2. Select the name of the user you want to add the attribute to.

  3. Scroll to the Attributes section, and click Add Attributes.

  4. Begin typing Environment in the Enter Attribute text box.

    • If the attribute already exists, select Environment from the dropdown list.

    • If the attribute does not exist yet, enter Environment for the attribute, and then select it from the dropdown.

  5. In the Attribute Value text box, enter Dev.

    • If the value already exists, select the Dev from the dropdown list.

    • If the value does not exist, enter Dev, and then select it from the dropdown.

  6. Click Close.

Additional Tutorials

Remove User from Group

  1. Select the group from the Groups tab.

  2. In the Members section, click Remove to the right of the member you want to remove.

    Remove Group Member

  3. Click Delete to confirm.

Alternatively,

  1. Click the Admin icon in the left sidebar, and select the user from the Users panel.

  2. Scroll to the Groups section, and click delete to the right of the group you want to remove.

    Assign User to Groups Link

  3. Click Delete in the confirmation window that appears.

Remove Group

  1. Select the group from the Groups panel.

  2. Click the dropdown menu in the top right of the group details, and select Delete.

    Remove Group

  3. Click Delete to confirm.

Remove User or Group Attribute

  1. Click the Admin icon in the left sidebar, and select the Users or Groups tab.

  2. Select the user or group you would like to manage.

  3. Scroll to the Attributes section, and click Delete to the right of the attribute you would like to remove. Note: This action will remove the attribute and all of its values.

    Remove Attribute

  4. Click Confirm.

Remove Attribute Value

  1. Click the Admin icon in the left sidebar, and select the Users or Groups tab.

  2. Select the user or group you would like to manage.

  3. Scroll to the Attributes section, click the menu icon in the Actions column, and click Remove on the attribute value you want to remove.

  4. Click Confirm.