Group Permissions
Depending on a GMS user's role, they will see a subset of group functionality. Note that applications can be considered users and included in groups, such as an administrator group, to grant them the corresponding permissions.
| Role | Permissions |
|---|---|
| System Administrators | Full group management |
| Service Desk | Full group management |
| Owner | Full group management |
| Members of administrator group | Full group management |
| Members of moderator groups | Full group management but cannot update administrator group |
| Members of reader groups | Can read all properties |
| CERN Users | View basic information about the group and, depending on the privacy settings of the group, the members. Subscribe themselves based on subscription settings. |
| Non-CERN Users | View basic information about the group. Subscribe themselves based on subscription settings. |
Managed Groups
Groups may be created and managed by applications that call the API directly. This is commonly done by systems that generate groups programatically. In this case, the group's manager is set to the application. In many cases it is desirable that only the manager application update the group, however GMS supports a subset of edit actions for managed groups.
| Managed group type | Permissions |
|---|---|
| Managed | No changes allowed by end users |
| Managed but membership modifiable | Edit of membership possible |
| Managed but all modifiable | Full edit possible, but users are warned that changes may be overwritten |