You are here: 10 – Principals > 10.1 About principal management

About principal management

Principals are a way for administrators to assign roles (for details, see About role management) to groups comprised of LDAP groups and users. As administrators, you can create a principal, specify which users it includes, and assign to it a specific role that will apply to all its users. The Principal Management page also lets you manage the principals that you have already created. You can modify existing principals (for instance by adding and removing users/groups or by changing role assignments) and delete principals that you no longer need.

Use case

Let's say that you have created a role (for more information, see About role management) that contains permissions to read, create, modify, and delete custom services in Viewpoint. However, you only want users that are members of a certain LDAP group to have this role.

To avoid having to assign roles to each of these users individually, you can do the following:

Create a new principal.
Add the LDAP group to the principal.
Assign the role to the principal.

Now each user in the principal is automatically assigned the role. Additionally, you are now able to manage the principal in one place if you need to make modifications to it in the future.

You can manage principals on the Principal Management page (Administration > Principal Management).