Managing Groups
- Write at least one policy that gives that group permission to either the tenancy or a compartment. When writing the policy, you can specify the group by using either the unique name or the group's OCID. For information about writing policies, see Managing Policies.
- Assign the group to an application.
The All-Domain-Users group is a group that's created by IAM. All identity domain users are assigned to this group by default. If you assign this group to any of your applications, then all users are assigned to these applications indirectly.
For a user, the All-Domain-Users group doesn't appear in the Groups tab because this group is assigned automatically when a new user is created. Also, because this group is created by IAM, and not by an administrator, you can't delete this group.
For information about the number of groups you can have, see IAM Object Limits.
- Creating a Group
- Adding Users to a Group
- Removing Users from a Group
- Assigning Applications to a Group
- Removing Applications from a Group
- Deleting Groups
Required Policy or Role
- Be a member of the Administrators group
- Be granted the Identity Domain Administrator role or the Security Administrator role
- Be a member of a group granted
manage
domains
To understand more about policies and roles, see The Administrators Group, Policy, and Administrator Roles, Understanding Administrator Roles, and IAM Policies Overview.