11.9.4. About Roles and User Groups
Users authenticated using either the
mgmt-users.propertiesfile or an LDAP server, can be members of user groups. A user group is an arbitrary label that can be assigned to one or more users.
The RBAC system can be configured to automatically assign roles to users depending on what user groups they are members of. It can also exclude users from roles based on group membership.
When using the
mgmt-users.propertiesfile, group information is stored in the
mgmt-groups.propertiesfile. When using LDAP the group information is stored in the LDAP sever and maintained by those responsible for the LDAP server.