Understanding CDP groups

A CDP group is a collection of user accounts that have the same roles and resource roles. A group can include CDP user accounts and machine user accounts. A group cannot include other groups. All users in a group inherit the roles and resource roles assigned to the group.

As a CDP administrator, you can create a group and manage the group membership. You can also manage the roles and resources assigned to the group. If you are not a CDP administrator, you can add users to and remove users from a group if you have the IamGroupAdmin resource role.

When you create a group, you do not automatically become a member of the group. To become a member of the group, you must add your user account to the group.

You can use groups to manage user access more efficiently. If multiple users require the same roles, you can create a group, add the user accounts to the group, and assign the required roles to the group. All user accounts in the group are assigned the roles assigned to the group.

If you delete a group, users in the group lose the roles that they inherit from the group. To allow a user to retain the group roles, assign the same roles to the user separately.