Add, edit or delete an organization access group

Use organization access groups to assign users permissions and capabilities by role. To add an organization access group:

  1. Under organization settings, select Groups.

  2. Select an existing group to edit, or select Add group to create a new group.


    To find groups you can use the quick filter drop-down menu or the search field in the top left, or use the up/down arrows at the top of each column to sort.

    The default groups provided by Contrast, indicated with a lock icon, have fixed applications and roles, and can't be deleted. You can only add or remove users from these default groups.

  3. Fill out the form with:

    • Group name: Choose something that reflects the purpose, permissions and capabilities you will assign to this group.

    • Application access: Select the application name here to associate this group with the application. You can also set a group name when you are setting up a new application.

    • Role: Select the application role you want the members of this group to have within the corresponding application.

    • Select Add access to add more applications and roles.

  4. Next to Members, on the right, type ahead to select one or more users to assign to the group.

  5. When you are finished, select Add to create the new group.

  6. To delete a group, select User menu > Organization settings > Groups. Find the group you want to delete and select the Delete icon in that row.

    Once this is confirmed, the group is removed and any access provided by that group is revoked from all users assigned to the group.


To assign a user a role for all applications in the organization, assign them both an organization role and an application role from the default role groups. (For example, set both the organization and application roles to "Administrator" and they will have administrator permissions for all applications in your organization.)

To give a user access to a particular application, create an access group for that application and add the user to that group. Users not assigned to any application access groups won't have access. A user can have various roles across applications within a single organization.

Most Contrast customers use single organization deployments. Groups created at an organization level impact the roles and permissions across that particular organization. Organization access groups can also be created at a system level to allow users access to more than one organization