Pre-defined role-based groups support all the available product roles, and control user access to specific capabilities within the product interface. The product properties file defines the various role-based group mappings. By default, a single group is mapped to a role.
For example, consider the IA.properties file with the following group mapping:
ROLE_SUPERUSER_GROUP_MAPPING=Superuser
ROLE_SECURITY_ADMIN_GROUP_MAPPING=Security Admin
In the above example, a member of the Security Admin group inherits all the permissions defined at the Security Admin role.
Multiple groups can be mapped to a single role. Hence, you can have more than one group separated by a semi colon, mapped to the same role.
For example, consider the IA.properties file with the following group mapping:
ROLE_SUPERUSER_GROUP_MAPPING=Superuser; Security Admin ROLE_SECURITY_ADMIN_GROUP_MAPPING=Security Admin
In the above example, a member of Security Admin group has all the basic permissions defined in the Security Admin role and the Superuser role.