Edit RBAC Membership Policies

When organizational structures change or you need to modify who automatically receives Group membership, you can update RBAC membership policies. These policies automatically assign group membership based on organizational attributes like department, location, or other role memberships, reducing manual assignment overhead.

Before You Use This Workflow

Access Requirements: You must have appropriate permissions to manage the specific Group you want to modify.

tip

Use this workflow when organizational structures change, when you need to expand or restrict automatic group assignments, or when refining group assignment criteria for better access control.

Before You Start

Make sure you have:

• Understanding of current automatic assignment criteria
• Knowledge of which organizational attributes should trigger group assignments
• Decisions about expanding, restricting, or modifying membership policies

Get Started

1. Navigate to the Resource Admin portal
2. Select Groups from the resource type menu
3. Click the Workflows tab
4. Find and click Manage Group Wizard
5. Search for the Group you want to modify, then check the box next to it and click Next
6. Select Edit RBAC Membership Policies from the available actions
7. Click Next to proceed to the RBAC membership policy configuration

Update RBAC Membership Policies

The interface displays sections for adding new policies and managing existing ones. You can add new automatic membership rules and modify or remove current policies all from the same screen.

1. Add new RBAC membership policies:

   • Use the Choose Type dropdown to select the type (Person, Group, SetGroup, Management Role, Business Role, or Location).
   • Search for and select the specific person, group, or role.
   • Repeat as needed to add multiple policies.
   • Use the Added counter to view your new policy selections.

2. Modify existing RBAC membership policies (if the group has current policies):

   • Current policies are displayed in the table showing Assignee Type, Display Name, Logon Name, and eMail.
   • For each policy, click Remove to delete it or Keep to retain it.
   • Review all existing policies and their assignee details before making changes.

3. Preview membership (optional):

   • Check the Preview RBAC Membership Resultant People box to see who will receive automatic membership based on your current policy selections before submitting the request.

4. Click Next to proceed.

5. Review membership preview (if you selected the preview option):

   • Review the RBAC Membership Assignee Count showing how many users will be affected by your policy changes.
   • The table displays the action type, assignee type, display name, and resulting user count for each policy.
   • Handle threshold warnings or approval options (if they appear):
     • If the system displays a threshold warning, review the message and decide whether to proceed or go back to adjust your selections.
     • If Enable Collaboration Approval appears, select Yes to create approval tasks or No to return to the previous page to adjust memberships to meet the threshold.
   • Click Next to see the detailed list of people who will be affected.

6. Review detailed member list (if previewing):

   • Review the complete list of individuals who will receive group membership based on your policy changes.
   • Use the search functionality to find specific people if needed.
   • Click Next to continue.

7. Click Submit to apply the RBAC membership policy updates.

Complete the Workflow

1. Review the Operation Execution Summary to confirm your changes were applied successfully.
2. Click Submit to continue.
3. Choose your next action:
   • Do you want to manage the same Group? - Select this to perform additional actions on the same group.
   • Do you want to manage different Group(s)? - Select this to work with other Groups.
   • Do you want to finish the workflow? - Select this to complete the process and exit the wizard.
4. Click Submit to proceed with your selected option.

What Happens Next

• Once changes are applied, qualifying users will automatically receive or lose group membership based on the updated policies.
• New users who meet the criteria will automatically be assigned to the group when they join the organization or change positions.

If You Run Into Problems

Policies assign too many people: Review your criteria carefully - broad selections like entire locations can result in unexpected assignments. Consider using more specific groups or organizational units.

Changes don't appear to affect users: RBAC policies may require approval before taking effect. Check for pending business requests related to your changes.

Can't find the right organizational attribute: Verify the person, group, or role exists in the system and you have permission to reference it in policies.

Related Actions

• To modify group ownership, see Edit Group Owners and Deputies.
• To add users directly to groups, see Add People to Group or Add Accounts to Group.
• To configure self-service settings, see Edit IAM Shop Settings.