Administrators can add user groups in Virtual Private Cloud OnDemand and assign a role to them.

Administrators create and manage groups, manage membership and add users to the groups. The group-based access control simplifies management of user privileges and eliminates the need to assign roles and permissions on a per-user basis.

Creating local user groups within the service does not require any additional configuration and can be done easily through the UI. A user can belong to multiple groups. A user can have more than one role if they belong to one or more groups because they would have a role assigned directly to them and they would also inherit roles assigned to their groups. If a user has more than one role through a group membership, the user’s access level is the superset of all the roles.