Managing groups in CDP A PowerUser can create and manage CDP groups on the CDP web interface or via CDP CLI. Reserved group namesThere are certain group names that are reserved and therefore cannot be used in CDP. This applies to groups synchronized from your identity provider as well as groups created directly from CDP. Understanding CDP groupsA CDP group is a collection of user accounts that have the same roles and resource roles. A group can include CDP user accounts and machine user accounts. A group cannot include other groups. All users in a group inherit the roles and resource roles assigned to the group.Synchronizing group membershipCDP can synchronize the user's group membership provided by your enterprise IdP with the user's group membership in CDP.Creating a groupCreate CDP groups based on the tasks performed by CDP users in your organization.Adding or removing a user from a groupYou can add or remove a CDP user or a machine user account from a group. Assigning account roles to groupsWhen you assign a role to a group, the role is also assigned to all user and machine user accounts in the group.Assigning resource roles to groupsWhen you assign a resource role to a group, the resource role is also assigned to all user and machine user accounts in the group.Assigning a group membership administratorAs a CDP administrator, you can create a CDP group and manage the users, roles, and resources assigned to the group. You can also assign other users and groups the IamGroupAdmin role to allow them to manage the users in the group.Updating a groupIn some cases, you can enable or disable SyncMembership for a group.Removing account roles from a groupWhen you unassign a role to a group, the role is also unassigned to all user and machine user accounts in the group.Deleting a groupYou can delete a group from CDP.
