Creating Groups in a UAA Instance
If you design your application to authorize using specific scopes, you can create groups corresponding to those scopes in UAA and assign users to those groups. When the users log into your web application, the application redirects them to UAA. If a user is in the specified group and you chose to authorize the web application with that scope, the web application gets a signed token that contains that scope.
About this task
Predix platform services have scopes specific to each service. When you create users for these services, you can create groups corresponding to these scopes to provide permissions specific to a service. After creating groups, you can assign users to the required groups.
For example, if you use the Time Series service, you must create the timeseries.zones.<instance_id>.user and timeseries.zones.<instance_id>.ingest groups for users with data ingestion permission.
For a list of scopes for all platform services, see r_authorities_or_scopes_required_for_services.html#reference_ec1_t3d_bx.
Use the following procedure to create groups in UAA:
Procedure
- In the Console view, select the Space where your services are located.
- In the Services Instances page, select the UAA instance that you need to configure.
- Select the Configure Service Instance option.
- In the UAA Dashboard login page, specify your admin client secret and click Login.
- In UAA Dashboard, select the User Management tab. The User Management tab has two sections, Users and Groups. The Groups section displays the groups that you have created in your UAA instance.
- Click on the Create Group option to open the New Group form.
- Specify the following values in the New Group form:
  | Field | Description |
  | --- | --- |
  | Display Name | Specify the name of the group. |
  | Description | Specify the description of the group. |
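Once the groups exist and users are assigned to them, the application receiving the signed token has to check that the scopes are actually present. The following is an added example, not code from the Predix documentation: it verifies a token and requires both Time Series group names from this page, matched exactly. Assumptions: the HS256 shared key, the zone id `1234-abcd`, and all function names are constructed for the demo; a deployed service would verify the signature with its UAA instance's signing key through a maintained JWT library.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed; stands in for the UAA signing key
ZONE = "1234-abcd"              # constructed stand-in for <instance_id>

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_demo_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token so the example runs offline."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verified_claims(token: str, key: bytes) -> dict:
    """Return the claims only if the header pins HS256 and the MAC matches."""
    header_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

def granted_scopes(claims: dict) -> set:
    """Accept the scope claim as a JSON array or a space-delimited string."""
    scope = claims.get("scope", [])
    return set(scope.split() if isinstance(scope, str) else scope)

def can_ingest(token: str, key: bytes, instance_id: str) -> bool:
    """Require both Time Series groups, compared as whole strings."""
    required = {f"timeseries.zones.{instance_id}.user",
                f"timeseries.zones.{instance_id}.ingest"}
    try:
        # Set comparison avoids prefix/substring matches across zone ids.
        return required <= granted_scopes(verified_claims(token, key))
    except ValueError:   # malformed token, wrong algorithm, or bad signature
        return False
```

Comparing whole scope strings matters because a substring or prefix match would let a token issued for zone `1234-abcd-2` pass a check intended for zone `1234-abcd`.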