Itential Automation GatewayGateway ManagerService groups

Service groups in Gateway Manager

Service groups are organizational containers that logically group the services on your gateway clusters. They serve as the foundation for controlling which users can access and utilize specific services within your gateway environment.

You can think of service groups like departments in a company. Each department gives specific employees access to the resources they need for their jobs. Service groups work the same way - they give user groups access to the services they need.

Key benefits of service groups

Enhanced security and access control

  • Restrict service visibility based on user roles and responsibilities
  • Prevent unauthorized access to sensitive or critical services
  • Maintain separation of concerns across different teams

Improved organization and management

  • Group related services together for easier navigation
  • Reduce clutter by showing users only relevant services
  • Simplify administration through logical service categorization

Flexible resource allocation

  • Assign services to multiple groups when needed
  • Dynamically manage service availability without disrupting workflows
  • Scale access permissions as your organization grows

Streamlined user experience

  • Users see only the services they need for their work
  • Faster service discovery and selection
  • Reduced complexity in workflow creation

Default service group

Every gateway cluster automatically creates a Default Service Group when you first establish the gateway. The default service group has the following characteristics:

Default service group properties

  • Name: Always “Default Service Group”
  • Automatic creation: Created automatically with every new gateway
  • Cannot be deleted: Remains active for the gateway’s entire lifecycle
  • Universal access: Always includes ALL services the gateway discovers
  • Inherited permissions: Automatically maps to ALL user groups you assign to the gateway cluster

Why you need the default service group

The default service group acts as a safety net. It ensures that:

  • No discovered services become inaccessible due to configuration errors
  • Gateway administrators always see all services
  • New services are immediately available while administrators decide on proper grouping

Manage service access

For users

  • You can only see and use services from service groups where you’re a member of an assigned user group
  • To run a service, you need read access through service group membership and the service:run role
  • Contact your administrator if you need access to additional services

For administrators

  • Use service groups to implement role-based access control
  • Grant service group creation rights to trusted users who need to manage specific service collections
  • Grant service group access to builders and operators instead of direct gateway access
  • Monitor service usage through service group reporting

Common scenarios

New team member joins When a new team member joins, add them to the appropriate user group. They’ll automatically gain access to all service groups you assign to that user group.

Cross-team project Create a dedicated service group that contains services needed for the project. Assign it to all relevant user groups participating in the project.

Service decommissioning When you retire a service, remove it from all service groups except the default service group, where it remains until you completely remove the service from the gateway.

Compliance requirements Create separate service groups for services that handle sensitive data. Restrict access to authorized personnel only.