Skip to content

Group Permissions

Depending on a GMS user's role, they will see a subset of group functionality. Note that applications can be considered users and included in groups, such as an administrator group, to grant them the corresponding permissions.

Role Permissions
System Administrators Full group management
Service Desk Full group management
Owner Full group management
Members of administrator group Full group management
Members of moderator groups Full group management but cannot update administrator group
Members of reader groups Can read all properties
CERN Users View basic information about the group and, depending on the privacy settings of the group, the members. Subscribe themselves based on subscription settings.
Non-CERN Users View basic information about the group. Subscribe themselves based on subscription settings.

Managed Groups

Groups may be created and managed by applications that call the API directly. This is commonly done by systems that generate groups programatically. In this case, the group's manager is set to the application. In many cases it is desirable that only the manager application update the group, however GMS supports a subset of edit actions for managed groups.

Managed group type Permissions
Managed No changes allowed by end users
Managed but membership modifiable Edit of membership possible
Managed but all modifiable Full edit possible, but users are warned that changes may be overwritten