If the user store is an LDAP directory, you can add a group as a member of another group. The group is called a nested group.
The group containing the nested group is called a parent group. Members of the nested group become members of the parent group. However, members of the parent group do not become members of a nested group.
Nested groups are similar to email distribution lists where one list can be a member of another. With nested groups, you can add groups and users as members in the group. By nesting a group in another group's membership list, you could include all nested groups members.
For example, if you created separate groups for the manufacturing, design, shipping, and accounting divisions of a company, you can construct a parent group for the entire company by nesting all the separate division groups as members of the company parent group. As a result, any changes you made to the manufacturing, design, shipping, and accounting nested groups would be automatically reflected in the nested group for the entire company. A group that is nested within another group can be dynamic and/or contain other nested groups.
The figure in Static, Dynamic, and Nested Groups Example shows a parent group created by static, dynamic, and nested groups.
Be aware of the following before creating a nested group:
For example, if parent Group A is created by nested groups B and C, the Group A administrator can only modify the members of Group A and not B and C. Groups B and C can only be modified by their appropriate administrators.
To create a nested group:
Copyright © 2013 CA.
All rights reserved.
|
|