What are groups?

||Connect docs via MCP

Groups bundle users together so you can assign access in bulk. Instead of attaching every persona, purpose, or role to individual users, you put users into a group once and assign the group. Every member inherits that access automatically.

Why use groups

Groups let you manage access by team instead of one user at a time.

Maintainable

Change access by moving users between groups, not by editing dozens of policies.

Consistent

A team always has the same access, regardless of which individual joins.

Scales

New users inherit the group's access on day one, with no manual setup per user.

Source-of-truth sync

Keep membership aligned with Okta, Azure AD, Google, or any OIDC/SAML provider.

Reach for a group when you want to give a whole team the same persona or purpose, when IdP group membership should drive Atlan access, when a new hire needs the right access on day one, or when you want to revoke a leaver's access in one place instead of editing every policy.

How groups work

Create a group, add users, then assign that group to a persona, purpose, or role. Every member inherits the access automatically, and so does anyone you add later.

Marketing Analysts

SASarah

TOTom

LILisa

assigned once to

Access objects

persona · purpose · role

Marketing persona

PII purpose

Member role

Result: Assign the Marketing Analysts group to a persona, purpose, or role once, and Sarah, Tom, and Lisa all inherit it. Anyone added to the group later gets the same access automatically, and removing someone revokes it on their next sign-in.

Membership can be static (you add and remove users manually) or dynamic (driven by rules or synced from your identity provider). Either way, a group does not grant access on its own. It is a convenience layer for assigning personas, purposes, and roles to many users at once.

Manage groups

OT

Organize teams in groups

Create groups, add users, and delete groups you no longer need.

SG

Sync groups from your IdP

Map identity-provider groups to Atlan groups so membership updates on every sign-in.

PG

Provision groups by designation

Assign users to groups automatically based on job title or designation.

AR

Assign roles by group name

Use the User Role Sync app to set each user's role from their group membership.

See also

• Scope team access (personas): Assign a group to a persona to give a whole team a scoped view.
• Protect sensitive data (purposes): Assign a group to a purpose for tag-based access.
• Add and manage users: The roles and user lifecycle that groups build on.
• Permissions & data access: How personas, purposes, and roles combine.