Login 24/7 Support Community tyk.io

Create User Groups

Introduction

Instead of setting permissions per user, you can create a group, and assign it to one or more users.

You can use User Groups to help with Role Based Access Control (RBAC) for your users. For example, if you only want certain users to access the Tyk Logs, you can create a Logs User Group, then give those users the Logs Read permission and add them to your Logs User Group. See User Roles for assigning permissions to users.

This also works for Single Sign On (SSO) as well, you can specify the group ID when setting up SSO.

This Role Based Access Control (RBAC) feature is available to all our SaaS users. For On-Premises installations, this feature is available for customers with at least a 5-node or Cloud Native Unlimited-node license.

In order to manage user groups, ensure that you have either “admin” or “user groups” permission for your user, which can be enabled by your admin.

Note

A user can only belong to one group.

Create a User Group with the Dashboard

Step 1: Select “User Groups” from the “System Management” section

User group menu

Step 2: Click “ADD NEW USER GROUP”

Add user group location

Step 3: Add User Group Name

Enter the name for your User Group, and an optional Description.

Add name

Set User Group Permissions

Selet the User Group Permissions you want to apply.

Add permissions

Note

You can now create your own custom permissions using the Additional Permissions API or by updating the <code>security.additional_permissions</code> settings in your Tyk Dashboard tyk_analytics.conf. See Open Policy Agent for more details.

Step 4: Click “Save” to create the Group

Click Save

Step 5: Add Users to your Group

  1. From the Users menu, select Edit from the Actions drop-down list for a user to add to the group.
  2. Select your group from the User group drop-down list.

select user group

Click Update to save the User details

update user

Managing User Groups with the Dashboard API

You can also manage User Groups via our Dashboard API. The following functions are available: