stig-manager icon indicating copy to clipboard operation
stig-manager copied to clipboard
verified publisher icon NUWCDIVNPT

FEATURE REQUEST: Ability to create groups to assign to collections

Open vogtjob opened this issue 2 years ago • 3 comments

Request the ability to create groups within STIG-Manager and assign users to these groups. This feature would greatly benefit our organization, as we have several sub-organizations, and assigning users to multiple collections can be a time-consuming task.

Assigning users to a pre-existing group already assigned to a collection and the correct permissions already set would ease the initial effort of assigning users to many collections. For example, when a new member joins our cyber team, we assign them individually to approximately 50 collections. With the ability to assign users to groups, we could streamline this process and save valuable time.

vogtjob avatar Jan 11 '24 17:01 vogtjob

Hi @vogtjob Thank you for the suggestion! We can see how this would be useful, and will consider implementing it. Some initial thoughts:

  • Since this request would affect access across multiple collections, it would likely only be accessible to Application Managers.
  • Would/should individual Owners/Managers of a Collection be able to grant a User who was a member of a group that already includes access to their Collection a collection-level grant that overrides the level of access provided by the group membership?
    • My first thought is that Collection-level grants should override access provided by group memberships.
    • Would probably require refactoring the App Management User report to better show both the cumulative and components contributing to their accessible Collections

cd-rite avatar Jan 18 '24 23:01 cd-rite

Thank you for the consideration.

I agree with you on all points above. It would make sense that a User could be granted permissions higher than the group for some Collections and these permissions should override the level of access in the group.

vogtjob avatar Jan 19 '24 14:01 vogtjob

I want to show my support for this, permission groups are very necessary. I ran into this issue the other day where I spent an hour or so updating user permissions on collections. I had to make a lot of changes so I ended up copying (without any assets) a 'master' collection with the permissions I wanted and then juggling the assets from an old collection into the empty new collection, finally deleting the old collection.

jeremygifford avatar Mar 06 '24 00:03 jeremygifford