Group management
Advanced Server Access provides group management by optionally allowing a group of users in Advanced Server Access who have been granted permissions on a project to be synchronized as a local system group to servers in that project.
No additional configurations are added to Advanced Server Access-managed groups. These synchronized groups exist to support extensible configuration of permissions for users managed by Advanced Server Access with external configuration management tools. When a group is granted admin rights on a project, those rights are managed independently of Advanced Server Access's group management. It's not required to synchronize a group in order to grant admin rights to that group.
By default, user groups in Advanced Server Access are not synchronized to servers. This feature must be explicitly enabled for each group to be managed. A group is only synced to servers that are enrolled in the project(s) where you have enabled the sync flag for that group.
Groups managed by Advanced Server Access contain the server user accounts that correspond to the Advanced Server Access users present in that group in the Advanced Server Access platform.
This feature is currently only available on systems running Linux.
Enable group management
You can enable group management when you add a new group to a project or by editing a group that already belongs to a project.
To enable group management when adding a group to a project:
- Open an existing project from the Advanced Server Access dashboard.
- Go to the Groups tab.
- Click Add Group to Project. The Add Group to Project dialog appears.
- Select the group to add to the project from the Group field.
- Select either User or Admin permissions to assign to the group.
- Select Sync group to servers to enable group management.
- Click Create Group.
To enable group management for a group that belongs to a project:
- Open an existing project from the Advanced Server Access dashboard.
- Go to the Groups tab.
- Click the gear beside the group, then click Edit. The Edit Group for Project dialog appears.
- Select Sync group to servers to enable group management.
- Click Update Group.
Synchronized Group Name
On Linux
To avoid naming collisions, groups created by the agent are prefixed with sft_
. Groups created by Advanced Server Access are assigned a GID on a per project basis incrementally, starting with 63001
. If the agent encounters a conflict with either the name or GID, it will attempt to take ownership of the conflicting group.
List managed groups
To see which groups in a project are managed by the agent:
- Click the project to open.
- Select the project that contains the groups to list.
- Click the Groups tab for the project.
Groups managed by the agent have a check mark in the SYNC TO SERVER column.
Stop syncing a group to servers
Similar to enabling group management for a group, you can disable group management and stop syncing a group to servers. When you stop syncing a group, the group is deleted from the servers in the project and any users that were members of the group are also removed from the servers.
To disable group management for a group that belongs to a project:
- Click the project to open.
- Select the project that the group belongs to.
- Click the Groups tab for the project.
- Click the gear beside the group, then click Edit. The Edit Group for Project dialog appears.
- Clear the Sync group to servers check box to disable group management.
- Click Update Group.
Delete a group
When you remove a group from the project the group is removed from the servers in the project.