Group Management
The Group Management screen in D.Hub allows you to create user groups, assign members to groups, and synchronize with external IdP groups. Groups are an efficient management unit that enables granting access permissions to multiple users at once for resources.
Only users with admin privileges can access this page. Regular users accessing the /settings/groups path will see an insufficient permissions notice.
How to Access
Click the Settings menu at the bottom of the sidebar, then navigate to the Group Management tab. This screen is mapped to the /settings/groups path and is protected by AdminRoute.
Group List
Upon entering the Group Management screen, all created groups are displayed in a table.
| Column | Description |
|---|---|
| Group Name | Unique identifier name of the group |
| Description | Description of the group's purpose |
| Member Count | Number of users belonging to the group |
| Created Date | Date the group was created |
Creating Groups
Click the + Add Group button on the group list screen to open the group creation dialog.
Creation Fields
| Field | Required | Description |
|---|---|---|
| Group Name | ✅ | Unique name for the group. Lowercase letters, numbers, and hyphens are allowed. |
| Description | Description text about the group's purpose or scope. |
After filling in all fields, click the Create button to create the group.
It is recommended to name groups systematically based on organizational structure or project units. Example: data-engineering-team, project-alpha-viewers
Member Management
Click on a group to navigate to the detail screen, where you can view and manage the members belonging to the group.
Adding Members
- Click the Add Members button on the group detail screen
- Search for and select users to add from the registered user list
- Click the Add button to immediately add the selected users to the group
Removing Members
Select the user to remove from the group member list and click the Remove button. Removed users immediately lose access permissions granted through that group.
A user can belong to multiple groups simultaneously. Removing a member does not affect access permissions granted through other groups.
OIDC Group Sync
Groups managed in an external IdP (Keycloak, Azure AD, Zitadel) can be synchronized to D.Hub. Through synchronization, you can replicate the IdP's group structure and membership in D.Hub.
Sync Procedure
- Click the Sync Groups button on the group list screen
- Group lists and membership information are fetched from the connected IdP
- Groups that do not yet exist in D.Hub are automatically created
- Each group's member list is synchronized with IdP information
Group Mapping by IdP
| IdP | Group Source | Mapping Method |
|---|---|---|
| Keycloak | Realm Groups | Mapped by group name |
| Azure AD | Security Groups | Mapped by group Display Name |
| Zitadel | Projects / Grants | Mapped by project role |
Sync is a one-way operation from IdP → D.Hub. Modifying groups in D.Hub does not reflect changes in the IdP.
Group-Based Access Control
Groups are a core unit for efficiently managing access permissions to D.Hub resources. Granting permissions to groups instead of individual users provides the following benefits:
- Batch permission management: Setting permissions on a group once automatically applies to all members
- Automatic reflection on membership changes: Adding or removing users from a group immediately changes their access permissions
- Organizational structure alignment: Organize groups by department, team, or project to build a permission system that matches your actual organizational structure
Applicable Resources
| Resource | Description |
|---|---|
| Collection | Access to collections and sub-items (Dataset, Code, Pipeline) |
| Knowledge | Access to Knowledge documents and AI Chat |
| Dashboard | Dashboard viewing and editing permissions |
| Pipeline | Pipeline execution and editing permissions |
For details on how to configure access permissions for each resource, see the Authentication & Access Control document.
Next Steps
| Document | Description |
|---|---|
| User Management | View users, create users, OIDC sync |
| Authentication & Access Control | ReBAC-based access control details |