# Creating And Enabling Keystone Groups And User Associations

## Introduction

In this article, we describe the features included in the UI, which allow administrators to create groups of local users. These features are located under the Tenants and Users dashboard, within the Admin Settings. With this solution, users can create a named group, assign them access to a specific tenant and region, providing access as an Admin, Self Service or Read only subscriber. To access these settings, click on the username in the upper-right hand corner, then click on **Admin Settings**.

<figure><img src="/files/8FwzaId8hJy2iuvFezU5" alt=""><figcaption></figcaption></figure>

## Groups

Once in the Admin Settings area, go to the *Tenants and Users* tab to view and edit the Tenants, Users and Groups.

<figure><img src="/files/22Bj0VazFWx7d42h1vW0" alt=""><figcaption></figcaption></figure>

Navigate to the Groups tab and click on the New Group button.

<figure><img src="/files/VNuIVCXe08YWOQpvmGnh" alt=""><figcaption></figcaption></figure>

On the Add New Group page, enter a Name, Description, Tenant and Role access. Next, define what Tenants this Group will be able to access, and what role those users will be assigned to within each Tenant. Once complete, click Save. The users in that group can now access the Platform9 services and control cluster access as noted in the Kubernetes RBAC Policies.

<figure><img src="/files/WnlSiAk9Bm2vfCFFLIwO" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
**Note**

Admins should only assign a user to a unique group. If a user belongs to multiple groups, they will automatically be granted the privileges associated with each group.
{% endhint %}

If you have questions regarding this setup, reach out to our [Support Team](https://platform9.zendesk.com/hc/en-us/requests/new?ticket_form_id=360000924873) for further assistance.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.platform9.com/managed-kubernetes/5.7/security/creating-and-enabling-keystone-groups-and-user-associations.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.