Group management

Advanced Server Access provides group management by optionally allowing a group of users in Advanced Server Access who have been granted permissions on a project to be synchronized as a local system group to servers in that project.

No additional configurations are added to Advanced Server Access-managed groups. These synchronized groups exist to support extensible configuration of permissions for users managed by Advanced Server Access with external configuration management tools. When a group is granted admin rights on a project, those rights are managed independently of Advanced Server Access’s group management. It's not required to synchronize a group in order to grant admin rights to that group.

By default, user groups in Advanced Server Access are not synchronized to servers. This feature must be explicitly enabled for each group to be managed. A group is only synced to servers that are enrolled in the project(s) where you have enabled the sync flag for that group.

Groups managed by Advanced Server Access contain the server user accounts that correspond to the Advanced Server Access users present in that group in the Advanced Server Access platform.

Advanced Server Access’s group management feature is currently only generally available for Linux. Please contact Support to learn about our roadmap for supporting this feature on Windows.

Enable group management

Group management can be enabled for a group when you add it to a project or by editing the group when it belongs to a project.

To enable group management for a group when adding it to a project:

  1. Click the project to open.

  2. Select the project to add the group to.
  3. Click the Groups tab for the project.

  4. Click Add Group to Project. The Add Group to Project dialog appears.
  5. Select the group to add to the project from the Group field.
  6. Select either User or Admin permissions to assign to the group.
  7. Select Sync group to servers to enable group management.

  8. Click Create Group.

To enable group management for a group that belongs to a project:

  1. Click the project to open.

  2. Select the project that the group belongs to.
  3. Click the Groups tab for the project.

  4. Click the gear icon beside the group, then click Edit. The Edit Group for Project dialog appears.
  5. Select Sync group to servers to enable group management.

  6. Click Update Group.

Synchronized Group Name

On Linux

To avoid naming collisions, groups created by the agent are prefixed with sft_. Groups created by Advanced Server Access are assigned a GID on a per project basis incrementally, starting with 63001. If the agent encounters a conflict with either the name or GID, it will attempt to take ownership of the conflicting group.

List managed groups

To see which groups in a project are managed by the agent:

  1. Click the project to open.

  2. Select the project that contains the groups to list.
  3. Click the Groups tab for the project.

  4. Groups managed by the agent have a check mark in the SYNC TO SERVER column.

Stop syncing a group to servers

Similar to enabling group management for a group, you can disable group management and stop syncing a group to servers. When you stop syncing a group, the group is deleted from the servers in the project and any users that were members of the group are also removed from the servers.

To disable group management for a group that belongs to a project:

  1. Click the project to open.

  2. Select the project that the group belongs to.
  3. Click the Groups tab for the project.

  4. Click the gear icon beside the group, then click Edit. The Edit Group for Project dialog appears.
  5. Clear the Sync group to servers check box to disable group management.

  6. Click Update Group.

Delete a group

When you remove a group from the project the group is removed from the servers in the project.