If you have a significant number of DefectDojo users, you may want to create one or more Groups, in order to set the same Role-Based Access Control (RBAC) rules for many users simultaneously. Only Superusers can create User Groups.
Groups can work in multiple ways:
Set one, or many different Product or Product Type level Roles for all Group Members, allowing specific control over which Products or Product Types can be accessed and edited by the Group.
Set a Global Role for all Group Members, giving them visibility and access to all Product or Product Types.
Set Configuration Permissions for a Group, allowing them to change specific functionality around DefectDojo.
For more information on Roles, please refer to our Introduction To Roles article.
The All Groups page
From the sidebar, navigate to 👤Users > Groups to see a list of all active and inactive user groups.
From here, you can create, delete or view your individual Group pages.
Creating a new User Group
Navigate to the 👤Users > Groups page on the sidebar. You will see a list of all existing User Groups, including their Name, Description, Number of Users, Global Role (if applicable) and Email.
Click the 🛠️button next to the All Groups heading, and select + New Group.
This will take you to a page where you can create a new Group. Set the Name for this Group, and add a Description if you wish.
If you want a weekly report sent to a particular Email address, you can enter that as well.
You can also select a Global Role that you wish to apply to this Group, if you wish. Adding a Global Role to the Group will give all Group Members access to all DefectDojo data, along with a limited amount of edit access depending on the Global Role you choose. See our Introduction To Roles article for more information.
The account that initially creates a Group will have an Owner Role for the Group by Default.
Viewing a Group Page
Once you have created a Group, you can access it by selecting it in the menu listed under Users > Groups.
The Group Page can be customized with a Description. It features a list of all Group Members, as well as the assigned Products, Product Types, and the associated Role associated with each of these.
You can also see the Group’s Configuration Permissions listed here.
Managing a Group’s Users
Group Membership is managed from the individual Group page, which you can select from the list in the Users > Groups page. Click the highlighted Group Name to access the Group page that you wish to edit.
In order to view or edit a Group’s Membership, a User must have the appropriate Configuration permissions enabled as well as Membership in the Group (or Superuser status).
Add a User to a Group
User Groups can have as many Users assigned as you wish. All Users in a Group will be given the associated Role on each Product or Product Type listed, but Users may also have Individual Roles which supersede the Group role.
From the Group page, select + Add Users from the ☰ button at the edge of the Members heading.
This will take you to the Add Some Group Members screen. Open the Users drop-down menu, and then check off each user that you wish to add to the Group.
.Select the Group Role that you wish to assign these Users. This determines their ability to configure the Group.
Note that adding a member to a Group will not allow them access to their own Group page by default. This is a separate Configuration permission which must be enabled first.
Edit or Delete a Member from a User Group
From the Group page, select the ⋮ next to the Name of the User you wish to Edit or Delete from the Group.
📝 Edit will take you to the Edit Member screen, where you can change this user's Role (from Reader, Maintainer or Owner to a different choice).
🗑️ Delete removes a User's Membership altogether. It will not remove any contributions or changes the User has made to the Product or Product Type.
Managing a Group’s Permissions
Group Permissions are managed from the individual Group page, which you can select from the list in the Users > Groups page. Click the highlighted Group Name to access the Group page that you wish to edit.
Note that only Superusers can edit a Group’s permissions (Product / Product Type, or Configuration).
Add Product Roles or Product Type Roles for a Group
You can register as many Product Roles or Product Type Roles as you wish in each Group.
From the Group page, select + Add Product Types, or + Add Product from the relevant heading (Product Type Groups or Product Groups).
This will take you to a Register New Products / Product Types Page, where you can select a Product or Product Type to add from the drop-down menu.
Select the Role that you want all Group members to have regarding this particular Product or Product Type.
Groups cannot be assigned to Products or Product Types without a Role. If you're not sure which Role you want a Group to have, Reader is a good 'default' option. This will keep your Product state secure until you make your final decision about the Group Role.
Assign Configuration Permissions to a Group
If you want the Members in your Group to access Configuration functions, and control certain aspects of DefectDojo, you can assign these responsibilities from the Group page.
Assign View, Add, Edit or Delete roles from the menu in the bottom-right hand corner. Checking off a Configuration Permission will immediately give the Group access to this particular function.